Refer: https://forum.cert.br/
The presentation focused on a detailed analysis of the LockBit ransomware, highlighting its operations, significant events, Indicators of Compromise (IoCs), and Tactics, Techniques, and Procedures (TTPs) mapped to the MITRE ATT&CK framework. It also discussed automating the collection of IoCs on malicious actors from open sources, using Python and the MISP platform's REST API for data input. This study was presented as part of the supporting materials for the CSIRT Forum in Brazil.
Image captured during the 2023 Forum presentation
The presentation centered on the creation of an internal sandbox with automation, built on the Cuckoo Sandbox tool. It demonstrated how such an environment can be used for automated malware analysis within organizations, integrating with various sources such as MISP, Elasticsearch, and others. It also emphasized supporting privacy activities, managing security incidents, investigating advanced threats, and automating threat sharing. This content was also part of the supporting materials for the CSIRT Forum in Brazil.