A technical characterization of APTs by leveraging public resources

Abstract Advanced persistent threats (APTs) have rocketed over the last years. Unfortunately, their technical characterization is incomplete—it still unclear if they are advanced usages of regular malware or a different form malware. This key to develop an effective cyberdefense. To address this issue, in paper we analyze techniques and tactics at stake for both APT-linked enable reproducibility, our approach leverages only publicly available datasets analysis tools. Our study involves 11,651 4686 ones. Results show that sets not statistically different, but can be automatically classified with F 1 > 0.8 most cases. Indeed, 8 reach 0.9. Beyond differences tactics, shows thats actors behind APTs exhibit higher competence than those from non-APT malwares.