Investigating an APT with Splunk (Boss of the SOC)
This article shows how to use the Splunk SIEM solution to investigate a real APT scenario case in depth. An APT is a sophisticated and persistent cyberattack that aims to remain hidden over a long period in order to steal sensitive information or disrupt operations. The case analysis is supported by the MITRE ATT&CK framework and the Splunk query documentation. 2025-9-9 06:46:13 Author: infosecwriteups.com

whoami

Hey cybersecurity evangelist, hope this walkthrough article finds you all in good spirits. Let’s do a deeper investigation, leveraging the Splunk SIEM solution to investigate a real-world APT scenario case provided by Splunk Boss of the SOC.

Investigating an APT with Splunk

Knowledge Sharing — Advanced Persistent Threat (APT) refers to a highly sophisticated and sustained cyberattack carried out by a threat actor. The goal is not quick financial gain, but long-term infiltration in order to steal sensitive information, conduct cyber espionage, carry out data exfiltration, or even disrupt operations.

More information on APT groups can be found through MITRE ATT&CK®.

Splunk SPL Query Documents

Scenario —


Article source: https://infosecwriteups.com/investigating-an-apt-with-splunk-boss-of-the-soc-bbf7f35645af?source=rss----7b722bfd1b8d---4