Fig. 9
From: TriCTI: an actionable cyber threat intelligence discovery system via trigger-enhanced neural network
The verification (using the VirusTotal analysis) for Delivery, Installation, and Command and Control campaign stages of the hash, as well as the Command and Control campaign stages of the domain, IP, and URL discovered from TriCTI. Note: Not det. indicates that the IOCs are found in VT but there are not existing any kind of malicious Relationships to indicate their campaign stages, and Detected represents the number of the IOCs that are found in VT and have at least one malicious Relationships