The Kill Chain Evolution of a Middle Eastern Threat Actor - Intelligence from Seventeen Months of Deception and Analysis of Politically Targeted Malware Attacks
In 2017, when I was still learning my way, I tracked and deceived a threat actor for 17 months, until my cover was eventually blown. At the time, coinciding with several geopolitical crises, my evaluation of the potential consequences of publishing the report had higher risk than I, or the people around me, would tolerate. The report was never published.
While this was personal work, I tried to implement enterprise quality incident response, analysis, forensics, and documentation. Some of the authored detection was added to https://github.com/ditekshen/detection.
This is an anonymized and, since then, unedited version of that report. The data in the report may still be valuable and relevant from a holistic attack-progression point of view.