From: TIM: threat context-enhanced TTP intelligence mining on unstructured threat data
TTPs Element | Example | Extract Method |
---|---|---|
IPv4 | 192.168.1.1 | Regex |
Domain | Example.com | Regex |
Email | mail@example.com | Regex |
Filename | example.vba | Regex |
URL | | Regex |
File Hash | 66efff4c945d3c3b87fc271b47d456db | Regex |
File Path | /home/example/example.o | Regex |
CVE | cve-2017-11882 | Regex |
Encode&Encryption Algorithm | Base64, XOR, etc. | Gazetteer |
Communication Protocols | HTTP, SMTP, etc. | Gazetteer |
Data Object | clipboard, screen, password, etc. | Gazetteer |
Regkey | HKCU/Software/Microsoft/Windows/CurrentVersion/Run | Regex |
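
A minimal sketch of the two extraction methods in the table, added here as an example and not taken from the TIM paper or its code. The regex patterns, their priority order, the span masking and the sample report text are assumptions of this example; the gazetteer terms are the ones listed in the table.

```python
import re

# Regex rows of the table. Patterns and their order are assumptions of this
# example; order is priority, so a URL is claimed before the domain inside it.
PATTERNS = {
    "URL": r"\bhttps?://[^\s\"'<>]+",
    "Email": r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b",
    "Regkey": r"\bHK(?:CU|LM|CR|U|CC)(?:[\\/][\w.-]+)+",
    "File Path": r"(?<![\w/])/(?:[\w.-]+/)+[\w.-]+",
    "File Hash": r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b",
    "CVE": r"\bcve-\d{4}-\d{4,}\b",
    "IPv4": r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b",
    "Filename": r"\b[\w-]+\.(?:vba|exe|dll|doc|ps1|js)\b",
    "Domain": r"\b(?:[a-z0-9-]+\.)+(?:com|net|org)\b",
}

# Gazetteer rows of the table, limited to the terms the table itself names.
GAZETTEER = {
    "Encode&Encryption Algorithm": ["Base64", "XOR"],
    "Communication Protocols": ["HTTP", "SMTP"],
    "Data Object": ["clipboard", "screen", "password"],
}

def extract(text):
    """Return {element type: [values]} for one piece of report text."""
    found, masked = {}, text
    for label, pattern in PATTERNS.items():
        def blank(m, label=label):
            # Record the hit, then blank its span so lower-priority patterns
            # and the gazetteer cannot re-match inside it.
            found.setdefault(label, []).append(m.group().rstrip(".,"))
            return " " * len(m.group())
        masked = re.sub(pattern, blank, masked, flags=re.I)
    for label, terms in GAZETTEER.items():
        for term in terms:
            if re.search(rf"\b{re.escape(term)}\b", masked, re.I):
                found.setdefault(label, []).append(term)
    return found

# Constructed sample text, not from a real report.
SAMPLE = (
    "The dropper example.vba exploits cve-2017-11882, decodes a Base64 payload "
    "with XOR, and writes /home/example/example.o. It sets "
    "HKCU/Software/Microsoft/Windows/CurrentVersion/Run for persistence, steals "
    "clipboard and password data, and sends it over SMTP to mail@example.com and "
    "to 192.168.1.1 via http://example.com/gate.php "
    "(hash 66efff4c945d3c3b87fc271b47d456db). A fallback domain is Example.com."
)

if __name__ == "__main__":
    for element, values in extract(SAMPLE).items():
        print(f"{element}: {values}")
```

Without the masking step, the domain inside the URL and the e-mail address would be reported three times, and the `http` scheme of the URL would be counted as a Communication Protocols hit.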