Sign up to save your podcasts
Or
Share 10 Things I Hate About Attribution: A Clustering Conundrum
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
10 Things I Hate About Attribution: A Clustering Conundrum
Send us fan mail!
Hello to all our cyber detectives and pedantic CTI friends! In this episode of Discarded, host Selena Larson is joined by Greg Lesnewich, Staff Threat Researcher at Proofpoint for a behind-the-scenes look at one of the most frustratingly fascinating attribution cases yet.
What begins as a lighthearted rant: “10 Things I Hate About Attribution,” quickly turns into a deep dive into the murky overlap between TA829 (aka RomCom), TA289, and the elusive GreenSec cluster. From TransferLoader and malware panels to REM proxy infrastructure and attack chain similarities, Greg and Selena dissect the breadcrumb trail that led to a 25-page blog, a mountain of malware chains (Dusty Hammock? Single Camper?), and an attribution headache.
Topics Include:
- TA829 (aka RomCom) and the elusive GreenSec cluster: What’s the difference?
- Vertical targeting overlap (and divergence)
- Malware breakdown: TransferLoader vs. RomCom and related malware
- Use of REM proxy and rebrand.ly infrastructure
- Attribution logic and the perils of shared tooling
- Bonus: Existential mysteries and karaoke mic commentary
The attribution game isn’t always about getting it right—it’s about asking better questions. Join us in the mess, and keep connecting the dots.
For more information about Proofpoint, check out our website.
Subscribe & Follow:
Stay ahead of emerging threats, and subscribe! Happy hunting!
View all episodes
By Proofpoint
4.9
5555 ratings
Send us fan mail!
Hello to all our cyber detectives and pedantic CTI friends! In this episode of Discarded, host Selena Larson is joined by Greg Lesnewich, Staff Threat Researcher at Proofpoint for a behind-the-scenes look at one of the most frustratingly fascinating attribution cases yet.
What begins as a lighthearted rant: “10 Things I Hate About Attribution,” quickly turns into a deep dive into the murky overlap between TA829 (aka RomCom), TA289, and the elusive GreenSec cluster. From TransferLoader and malware panels to REM proxy infrastructure and attack chain similarities, Greg and Selena dissect the breadcrumb trail that led to a 25-page blog, a mountain of malware chains (Dusty Hammock? Single Camper?), and an attribution headache.
Topics Include:
- TA829 (aka RomCom) and the elusive GreenSec cluster: What’s the difference?
- Vertical targeting overlap (and divergence)
- Malware breakdown: TransferLoader vs. RomCom and related malware
- Use of REM proxy and rebrand.ly infrastructure
- Attribution logic and the perils of shared tooling
- Bonus: Existential mysteries and karaoke mic commentary
The attribution game isn’t always about getting it right—it’s about asking better questions. Join us in the mess, and keep connecting the dots.
For more information about Proofpoint, check out our website.
Subscribe & Follow:
Stay ahead of emerging threats, and subscribe! Happy hunting!
More shows like DISCARDED: Tales From the Threat Research Trenches
View all
Security Now (Audio)
1,983 Listeners
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
636 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
183 Listeners
CyberWire Daily
1,009 Listeners
Smashing Security
312 Listeners
Click Here
415 Listeners
Darknet Diaries
7,913 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners