Tag: EN

Rigor in Threat Intel

I’m just going to say it. IOCs are not “threat intel”.  Lists of IP addresses and domain names, without context, are data points and information, not “intel”. Threat intel is based on patterns developed from the accumulation/aggregation of data. In…

LNK Files in CTI

There’s a good bit of file analysis that goes into CTI reports, including (but not limited to) malware analysis. But for some reason, not all files appear to be worthy of parsing and analysis. We also tend to see in-depth…