Graphical map of known Advanced Persistent Threats v2.1
https://andreacristaldi.github.io/APTmap/
An Advanced Persistent Threat (APT) is a stealthy computer network threat actor, nation state, state-sponsored group or non-state sponsored groups conducting large-scale targeted intrusions for specific goals, which gains unauthorized access to a computer network and remains undetected for an extended period.
Attribution is a very complex issue. This map is based on data from different sources (vendor, studies, reports, ...) and it is not a reliable source. The majority of the mappings rely on the findings in a single incident analysis. Groups often change their toolsets or exchange them with other groups. This makes attribution of certain operations extremely difficult. Information published here may be wrong, outdated, or may change based on evolving information.
Primary sources: MISP, MITRE, ETDA, VX-Underground
The data reported here are the result of a processing based on static analysis techniques performed on 29GB of malware samples attributed to APT groups, followed by a correlation process. The sample group is limited to PE Portable executable. The data in JSON format are available on the github repository.
Sample source: VX-Underground
Project: Andrea Cristaldi Linkedin, Cybersec4 The data is stored in JSON format and will be updated periodically.Shield:
This work is licensed under a Creative Commons Attribution 4.0 International License.
