Eye House - Threat Actor Profiling Lab

Threat Intelligence Terminal

INCIDENT BRIEFING

Date: 2026-02-10

Organization: GlobalFinance Corp

Incident Type: Advanced Persistent Threat

Initial Detection: Suspicious PowerShell execution detected by EDR

Observed Activity:

- Phishing email with malicious attachment

- Lateral movement via RDP and WMI

- Scheduled task creation for persistence

- Data exfiltration via DNS tunneling

Your Mission: Map the TTPs to MITRE ATT&CK and profile the threat actor.

==========================================

MITRE ATT&CK LOOKUP SYSTEM

==========================================

Available Commands:

search [tactic/technique] - Search ATT&CK framework

describe [TID] - Get detailed info on technique

groups - List known threat groups

match-ttps - Match TTPs to threat groups

System Ready.

intel@mitre:~$

ATT&CK Navigator Matrix

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command & Control

Impact

Initial Access

T1566

Phishing

T1190

Exploit Public-Facing Application

Lateral Movement

T1021

Remote Services

T1047

Windows Management Instrumentation

Persistence

T1053

Scheduled Task/Job

T1547

Boot or Logon Autostart Execution

Exfiltration

T1048

Exfiltration Over Alternative Protocol

T1041

Exfiltration Over C2 Channel

Threat Actor Profile

Motivation:

Sophistication Level:

Target Sectors:

Eye House - Threat Actor Profiling Lab

Analysis Objectives

INCIDENT BRIEFING

Initial Access

Lateral Movement

Persistence

Exfiltration

Threat Actor Profile

Threat Group Match

Eye House - Threat Actor Profiling Lab

Analysis Objectives

INCIDENT BRIEFING

Initial Access

Lateral Movement

Persistence

Exfiltration

Threat Actor Profile

Threat Group Match

ANALYSIS COMPLETE!