View article

The present invention provides advanced threat intelligence of the danger posed by a phishing web site, and the profiling of phishers or teams of phishers who are likely to use and reuse infrastructures, or tools for phishing.[0009] The present invention facilitates the automatic acquisition of ground truth data about malicious attackers based upon their own code base and tools used in large collections of phishing sites, and the automatic evaluation of the level of danger posed by a phishing site based upon, for example, the kind of PII the site attempts to steal from an unwitting victim. The evaluation metrics may be presented as, for example, three distinct levels of danger, or may be extended to finer granularity depending upon context. Profiling attacker behaviors has tremendous value as advanced threat intel for defenders seeking fast detection of likely adversary threats. Detailed profiles of the code within each …