&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12113820.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,113,820 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Threat actor identification systems and methods</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Gaurav Mitesh Dalal,  Fremont, CA (US);  Hung-Jen Chang,  Fremont, CA (US); and  Ali Mesdaq,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  PROOFPOINT TECHNOLOGIES, INC.,  Sunnyvale, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Proofpoint, Inc.,  Sunnyvale, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on May   24, 2023, as Appl. No. 18/201,448.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/201,448 is a continuation of application No. 17/166,984, filed on Feb.  3, 2021, granted, now 11,700,272.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/166,984 is a continuation of application No. 16/247,182, filed on Jan.  14, 2019, granted, now 10,965,701, issued on Mar.  30, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0308463 A1, Sep.  28, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1425</b></i> (2013.01)&#xa0;[<i><b>H04L 63/1466</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>18 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12113820-20241008-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A threat actor identification system comprising:<div class="claim_text">a computer embodying a threat actor identification system, the computer comprising at least one processor and at least one non-transitory computer-readable medium storing instructions translatable by the at least one processor to perform:<div class="claim_text">obtaining domain data for each of a plurality of domains;</div>
                  <div class="claim_text">generating, based on computed similarities in the obtained domain data, one or more domain clusters, each domain cluster including a corresponding subset of the plurality of domains, wherein the generating of the one or more domain clusters is based on an examination of the obtained domain data, which includes:<div class="claim_text">examining web page content for the plurality of domains, determining web page content similarity values indicative of similarities between individual ones of the plurality of domains, and generating domain clusters based on the web page content similarity values; and</div>
                    <div class="claim_text">examining infrastructure data for the plurality of domains, determining infrastructure data similarity values indicative of similarities between individual ones of the plurality of domains, and generating domain clusters based on the infrastructure data similarity values;</div>
                  </div>
                  <div class="claim_text">determining, for one or more of the generated domain clusters, that the domain cluster is associated with a threat actor; and</div>
                  <div class="claim_text">providing, for the one or more of the generated domain clusters that is associated with the threat actor, an indication of the corresponding threat actor to one or more corresponding entities targeted by the threat actor.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>