
Ud0g-Py/Killing-The-Bear


As Makarov said: "Remember, no russian"

📌 FAQ (READ FIRST)

Killing The Bear 2.0

What's this?

Killing The Bear 2.0, same as v1 but way more focused. On what? Only Russian threats.

As you can see, there’s now a landing page at “https://killingthebear.es” where actors and any updates (malware and campaigns coming soon) will be uploaded.

KTB 2.0 won’t be a repository of already known data. I won’t collect data that’s already perfectly organized and widely accessible like Mitre. This time the goal is to provide relevant, actionable information for blue teamers and adversary emulation from the red team’s perspective, ALWAYS following the style and premises of Russian adversaries.

KTB 2.0 is NOT an OSINT repository; it’s a repository for Purple Team. It’s not just for Intel, and it’ll be built as such.

It won’t only publish about widely known APTs or adversaries, it might also publish about more underground, loner adversaries that might not be as “concerning” for the masses but are interesting to the creator of KTB.

You can still reach Killing The Bear 2.0 from GitHub too.

What happened to the previous version of KTB?

You can still access the old version of KTB through previous commits on the official GitHub repository. There used to be many entries, but the vast majority were empty. Now there will be far fewer entries, but with much more valuable content focused exclusively on adversary emulation, bit by bit.

KTB & AI

Lens is activated in this repository. That means you’ll be able to search and relate information using Lens’ AI. This is a feature of Gitbook and therefore may be subject to change.

You only have to click on the upper search panel and then click the "lens" button on the right. That's all; let the magic do the rest for you.

Legend & meaning of icons

In the Coverage section, which affects the icons and messages on the home page (killingthebear.es):

The “Most wanted” icon and the red message indicate that this group is of vital interest to the project and that maximum information is being sought about it. The message specifies the reason.

The “Trending” icon and yellow message indicate the trend. This means that the entity is currently trending. The message specifies the reason.

Within the References section of each entity, there will be a checklist:

  • Those that are marked as completed have been fully parsed to extract all possible technical fields such as Aliases, Malware, Tools, Vulnerabilities, and especially MITRE.
  • Those that are unchecked will be parsed soon.

Nomenclature & Aliases

Yes, KTB 2.0 will have its own nomenclature for actors.

The main identifier will be its own, and the different community names will be categorized as “aliases”. This will allow you to access, for example, “Syndicate-85” by searching for “APT28” and similar. Why do I do it this way? Because I don’t always agree with the attributions of different manufacturers and, why not, because I usually don’t like the names of big companies ;P.

Disclaimer

My opinions are mine, and the information as well as the research, opinions and attitudes are exclusively mine, for better or for worse, and in no case represent the vision or stance of my colleagues or employer.

License

Copyright © Killing The Bear - Jorge Testa 2023.

Unless otherwise specified, information from external sources and third parties added to this book belongs to its original authors. The book "Killing The Bear" and its references are authored by Jorge Jiménez (aka Jorge Testa) and licensed under the Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).

For any questions, suggestions, collaborations or commercial proposals, please visit All My Links and get in touch with me.

About

Repository and archive for Killing The Bear Gitbook
