Information Gathering

Attacker-Group-Predictor – Predict Attacker Groups from Techniques used

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

 

The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework

How it works?

  • 1- Collect data from https://attack.mitre.org/ about attacker groups
  • 2- Get data from user about attack
  • 3- Compare data and create result

Installation

git clone https://github.com/omergunal/Attacker-Group-Predictor.git
cd Attacker-Group-Predictor/
pip3 install -r requirements.txt

Usage

python3 main.py
Fill the inputs

Update Attacker Groups Data

cd updater
python3 update.py

Example

python3 main.py
  Techniques used (ID or Name) (Seperate with comma):Brute Force,Commonly used port,connection proxy,Credential dumping
  Softwares used (ID or Name) (Seperate with comma):Bankshot,mimikatz,Rawdisk
Most probable groups:
Lazarus Group
APT33
menuPass
Threat Group-3390
APT41


About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: