Bookworm to Stately Taurus Using the Attribution Framework

Sept. 25, 2025, 7:01 p.m.

Description

This analysis examines the Bookworm malware family and its connection to the Chinese APT group Stately Taurus. Using a structured attribution framework, the study evaluates tactics, tooling, operational security, infrastructure, victimology and timelines to establish a high-confidence link between Bookworm and Stately Taurus. Key evidence includes shared program database paths, overlapping command and control infrastructure, and consistent targeting of Southeast Asian governments. The framework assigns scores to each piece of evidence, resulting in an overall attribution confidence score of 58.4 out of 100, indicating strong confidence in the connection. This systematic approach aims to improve analytical rigor and collaboration in threat intelligence.

Date

  • Created: Sept. 25, 2025, 2:11 p.m.
  • Published: Sept. 25, 2025, 2:11 p.m.
  • Modified: Sept. 25, 2025, 7:01 p.m.

Attack Patterns

  • Bookworm
  • Stately Taurus

Additional Information

  • Government