The Adversary Intelligence page provides details about the adversaries who conducted targeted attacks for a country that you select on the Global Adversaries by Location map. Symantec EDR imports these details daily from the Dynamic Adversary Intelligence (DAI) feed.
This page provides detailed information about the adversaries, such as the malware and techniques they use to attack their victims; the motivation for their attacks; and the locations from where they conduct their attacks. It also includes detailed summaries about the adversaries by Symantec analysts, and references to third-party online publications. (See table below for more information.)
To view this page in the EDR appliance console, click on a country on the Global Adversaries by Location map on the Dashboard in which adversaries have been detected.
The adversaries are listed in alphabetical order. Click next and previous at the bottom of the page to toggle between adversaries.
The Adversary Intelligence page provides the following details:
The name of the adversary conducting the targeted attack.
A high-level summary of the adversary's activities.
Other names by which the adversary is known.
The method by which the adversary gained access to its victims (for example, email, watering hole, data storage device).
A list of public CVE (Common Vulnerability and Exposure) values used by the adversary.
Malware Families Used
The malware families that the adversary used in its targeted attack.
The date that Symantec first saw the adversary.
The analyst's assessment of what the adversary's motivation may be (for example, intelligence, financial, disruption).
The country or countries from which the analyst believes that the adversary is operating.
Third-party online publications (such as white papers, articles, blogs, etc.) pertaining to the adversary.
The date the reference was published.
The URL of the reference.
The title of the reference.
A short summary of the reference.
This section also provides the following comment:
The following information is provided for reference purposes only. Using the URL may direct you to a third-party website that Symantec does not own or control. Symantec does not endorse and is not responsible for any content that is contained on third-party websites.
Subscribing will provide email updates when this Article is updated. Login is required.