15 free tools covering every dimension of Advanced Persistent Threat intelligence -- from India-targeted actor profiles and MITRE ATT&CK heatmaps to hunt builders, purple team exercises, and credential access references. Built for Indian SOC teams facing nation-state threats.
Searchable reference for APT groups with documented campaigns targeting Indian organisations and the wider South Asian threat landscape.
10 APT groups with India campaigns -- Sidewinder, Transparent Tribe, Bitter, Lazarus, Dark Pink, APT41, SideCopy, Volt Typhoon, Kimsuky. Filter by origin and sector.
Select any APT group and generate a MITRE ATT&CK heatmap showing exactly which tactics and techniques they use. Prioritise your detection engineering roadmap.
Select two APT groups -- get a side-by-side TTP comparison with shared techniques, unique techniques, tooling overlap, and combined coverage bar. Essential for ambiguous attribution.
10-question incident classifier. Answer questions about your active incident and get an assessment: targeted APT, opportunistic cybercrime, or script kiddie -- with response posture guidance.
Enter your domain -- see what a threat actor discovers via passive OSINT. Queries certificate transparency logs, identifies sensitive subdomain exposure, and shows the attacker's pre-attack view.
Searchable references for the tools, malware families, and techniques APT groups deploy against Indian targets.
11 APT-attributed malware families -- CrimsonRAT, ElizaRAT, CapraRAT, BLINDINGCAN, FASTCash, Manuscrypt, QuasarRAT, PlugX and more. Delivery, persistence, C2, IOCs, detection.
12 LOLBins abused by APT groups with legitimate vs malicious usage examples, APT attribution, and SPL/KQL detection queries. certutil, mshta, rundll32, ntdsutil and more.
Every APT credential harvesting technique -- LSASS dump, NTDS.dit extraction, Kerberoasting, DCSync, browser theft, keylogging. Tools, Event IDs, and detection queries for each.
10 persistence techniques ranked by detection frequency -- Registry Run keys to UEFI firmware implants. Windows Event IDs, KQL queries, remediation steps, and which APT groups use each.
Tools that turn threat intelligence into active detection and structured hunt operations.
Select a threat actor and your available log sources -- get structured hunt hypotheses with specific data to query, KQL and SPL examples, and interpretation guidance.
Enter IOCs and TTPs from any threat report -- get draft SPL and KQL detection rules instantly. IP blocklists, hash rules, behavioural patterns, registry keys, User-Agent strings.
Select a threat actor and environment type for a structured purple team plan: techniques to simulate, AtomicRedTeam commands, expected artefacts, and SIEM validation queries per phase.
Interactive Diamond Model of Intrusion Analysis. Fill the four vertices (Adversary, Infrastructure, Capability, Victim) and meta-features. Export as a structured text intelligence product.
Assess and improve your organisation's threat intelligence capability.