And Campaign Analysis
Overview
And Campaign Analysis is a threat-intelligence tool used within the threat-intelligence workflows in this knowledge base. It is referenced as part of higher-level security analysis, investigation, monitoring, or validation activity rather than as an end in itself.
What It Is
And Campaign Analysis is best understood as a threat-intelligence tool in this knowledge base. Its role is conceptual and system-facing rather than procedural: it gives analysts or defenders a structured way to examine evidence, model system behavior, or reason about security state.
How It Works
And Campaign Analysis works by turning technical inputs into more interpretable outputs at the system level. Across the source skills, it appears as part of larger analysis, investigation, monitoring, or validation loops rather than as a standalone end state.
Core Concepts
- MITRE ATT&CK
- threat actor
- APT
- CrowdStrike
- Mandiant
- attribution
- kill chain
- NIST CSF
- threat intelligence
Typical Workflow
- MITRE ATT&CK Groups: 130+ documented nation-state and criminal groups with TTP mappings
- CrowdStrike Annual Threat Report: adversary naming by nation-state (BEAR=Russia, PANDA=China, KITTEN=Iran, CHOLLIMA=North Korea)
- Mandiant M-Trends: annual report with sector-specific targeting statistics
- CISA Known Exploited Vulnerabilities (KEV) catalog: identifies vulnerabilities actively exploited by specific threat actors
- Shortlist 5–10 groups most likely to target your organization based on sector alignment and recent activity.
- Identity: ATT&CK Group ID (e.g., G0016 for APT29), aliases (Cozy Bear, The Dukes, Midnight Blizzard), suspected nation-state sponsor
- Motivations: Espionage, financial gain, disruption, intellectual property theft
- Targeting: Sectors, geographies, organization sizes, technology targets (OT/IT, cloud, supply chain)
- Capabilities: Custom malware (e.g., APT29's SUNBURST, MiniDuke), exploitation of 0-days vs. known CVEs, supply chain attack capability
- Campaign History: Notable operations with dates (SolarWinds 2020, Exchange Server 2021, etc.)
Use Cases
- Updating the organization's threat model with profiles of adversary groups recently observed targeting your sector
- Preparing an executive briefing on APT groups that align with geopolitical events affecting your business
- Enabling SOC analysts to understand attacker objectives and TTPs to improve detection tuning
Limitations
- Output still depends on context, data quality, and surrounding analysis.
- The tool should be interpreted as part of a broader workflow, not as a complete answer by itself.
- Capabilities and visibility vary depending on environment, integrations, and available inputs.
Related Tools
- And Campaign Linkages, And Technical Intelligence For Adversary Profiling, Community Maintained Database Of 130+ Documented Adversary Groups With Referenced Campaign Reports, CrowdStrike Falcon Intelligence, Dark Web, Malware Families, Mandiant Advantage Threat Intelligence, MITRE ATT&CK Groups
Sources
- profiling-threat-actor-groups