VERY IMPORTANT

Researchers at Infoblox have developed an advanced technique leveraging graph theory and SSL certificates to uncover threat actor operational relationships. The approach analyzes Certificate Transparency logs, using the Subject Alternative Name field in certificates to identify domains under common control. By modeling domains as nodes and certificate relationships as edges, the system reveals comprehensive threat infrastructures. This method enables discovery of new malicious domains, consolidation of threat actor identities, and early detection of emerging threats. The system processes millions of certificates daily, providing actionable intelligence on threat actor operations across various types of cybercriminal activities.