How can I read and make sense from the Threat Report?

Threat Report provides the following pieces of information about the threat:

  • Title and Summary of the threat
  • Details about the origin and targeted countries
  • Various Indicators of Compromise (IOC), listed below (click the respective chart in the I3 Portal to see the detailed values for the selected IOC):
    • Targeted CVEs – Vulnerabilities that are leveraged in the Threat
    • Attack Domains – Malicious domains that are used in the Threat
    • Attack URLs – Malicious URLs that are used in the Threat. These are potentially phishing URLs.
    • Hashes – Hashes for the malware associated with the Threat. These are essentially signatures of the associated malware files.
    • Attack Servers – Malicious IP addresses or host names for the Command and Control (C&C) functions associated with the malware
    • YARA Rules – YARA (Yet Another Ridiculous Acronym) rules classify and identify malware samples by describing malware families in terms of textual or binary patterns.
  • Details about associated Malware Families
  • Affected Industries
  • Attack Types (as per MITRE ATT&CK framework)
  • Tags
  • Reference links for further reading
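The IOC values exported from a report's charts are usually mixed together, and reports often "defang" them (hxxp://, [.]) so they cannot be clicked by accident. The following added example, which is not part of the I3 Portal or of this page, shows how a defender might refang such a list and sort it into the IOC types listed above (CVEs, URLs, domains, attack servers, hashes) with basic validation before loading it into a blocklist or SIEM. All sample values are constructed for illustration and are not real indicators.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample values in the shape a report's IOC charts present
# (hypothetical, not taken from any real report). Some are defanged on purpose.
SAMPLE_IOCS = [
    "CVE-2021-44228",                                 # Targeted CVE
    "hxxp://malicious-example[.]test/login.php",      # Attack URL (defanged)
    "malicious-example[.]test",                       # Attack Domain (defanged)
    "203.0.113.45",                                   # Attack Server (documentation IP)
    "c2-host.example.invalid",                        # Attack Server (host name)
    "d41d8cd98f00b204e9800998ecf8427e",               # 32 hex chars -> MD5
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",       # 40 hex chars -> SHA-1
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # 64 -> SHA-256
    "not an indicator at all",                        # must be rejected, not guessed
]

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.IGNORECASE)
URL_RE = re.compile(r"^https?://[^\s/]+(?:/\S*)?$", re.IGNORECASE)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)
HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(value: str) -> str:
    """Undo the common defanging conventions found in threat reports."""
    v = value.strip()
    for bracketed in ("[.]", "(.)", "{.}"):
        v = v.replace(bracketed, ".")
    # hxxp:// and hxxps:// both become the real scheme
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)
    return v


def classify(value: str) -> Tuple[str, str]:
    """Return (ioc_type, normalised_value); unknown input is returned untouched."""
    v = refang(value)
    if CVE_RE.match(v):
        return "cve", v.upper()
    if HASH_RE.match(v):
        return HASH_NAMES[len(v)], v.lower()
    try:
        # Accepts IPv4 and IPv6; rejects anything that is not a literal address.
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if URL_RE.match(v):
        return "url", v
    if DOMAIN_RE.match(v):
        return "domain", v.lower()
    return "unknown", value


def bucket_iocs(values: List[str]) -> Dict[str, List[str]]:
    """Group a mixed IOC list by type, preserving the order values appeared in."""
    buckets: Dict[str, List[str]] = {}
    for raw in values:
        kind, norm = classify(raw)
        buckets.setdefault(kind, []).append(norm)
    return buckets


if __name__ == "__main__":
    for kind, items in bucket_iocs(SAMPLE_IOCS).items():
        print(f"{kind:8s} {items}")
```

Values that land in the `unknown` bucket should be reviewed by hand rather than silently dropped or loaded; a mis-parsed indicator is a common source of both missed detections and false positives.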