The Threat Report provides the following pieces of information about the threat:
- Title and Summary of the threat
- Details about the origin and targeted countries
- Various Indicators of Compromise (IOCs), listed below (click the respective chart in the I3 Portal to see detailed values for the selected IOC):
  - Targeted CVEs – Vulnerabilities that are leveraged in the Threat
  - Attack Domains – Malicious domains that are used in the Threat
  - Attack URLs – Malicious URLs that are used in the Threat. These are potentially phishing URLs.
  - Hashes – Hashes for the malware associated with the Threat. These are essentially signatures of the associated malware files.
  - Attack Servers – Malicious IP addresses or host names for the Command and Control (C&C) functions associated with the malware
  - YARA Rules – YARA (Yet Another Ridiculous Acronym) rules classify and identify malware samples by describing malware families in terms of textual or binary patterns.
- Details about associated Malware Families
- Affected Industries
- Attack Types (as per MITRE ATT&CK framework)
- Tags
- Reference links for further reading