Advanced Threat Emulation Scenarios

Advanced Threat Emulation Scenarios

5 escenarios completos de emulación de APTs reales:

• APT29 (Cozy Bear) — Spearphishing → WellMess loader → Cobalt Strike → cloud credential theft. Con Sigma rules para detección.
• FIN7 — Phishing con macro → Carbanak backdoor → POS lateral movement → data exfil. Con YARA rules.
• Lazarus Group — Watering hole → custom RAT → cryptocurrency wallet theft → wiper deployment. Con Snort rules.
• APT28 (Fancy Bear) — OAuth phishing → credential harvesting → Exchange exploitation → persistence. Con KQL queries.
• Conti (ransomware) — Trickbot initial access → BazarLoader → Cobalt Strike → domain-wide encryption. Con detection timeline.
• Cada escenario: Narrative completa, MITRE ATT&CK mapping, atomic tests reproducibles, detection rules multi-SIEM.