216.73.217.176

Using SSL Certificates and Graph Theory to Uncover Threat Actors

· Published 04/03/2026 19:42 · Modified 05/03/2026 09:50

Export JSON

Essential information

Published
04/03/2026 19:42
Modified
05/03/2026 09:50
Tags
2026-03-04 certificate transparency domain clustering graph theory infrastructure discovery ssl certificates threat intelligence
Related entities
8 techniques (mitre), 200 others

Description

Researchers at Infoblox have developed an advanced technique leveraging and to uncover threat actor operational relationships. The approach analyzes logs, using the Subject Alternative Name field in certificates to identify domains under common control. By modeling domains as nodes and certificate relationships as edges, the system reveals comprehensive threat infrastructures. This method enables discovery of new malicious domains, consolidation of threat actor identities, and early detection of emerging threats. The system processes millions of certificates daily, providing actionable intelligence on threat actor operations across various types of cybercriminal activities.

External references