Skip to main content
All Posts
Cyber Threat Intelligence
1
min read

What is Tactical Threat Intelligence?

Tactical intelligence is the most basic form of threat intelligence. It's often used for machine-to-machine detection of threats, and for incident responders.
Justin Swisher
Published on
July 26, 2018
Table of Contents

This is the fourth blog in a series called, “What is Threat Intelligence?”. Continue with the series at the bottom of this page.

Tactical Intelligence

Tactical intelligence is the on-the-ground view, which describes granular, atomic indicators that are associated with known attacks. This is the most basic form of threat intelligence and is often used for machine-to-machine detection of threats, and for incident responders to search for specific known-bad artifacts in enterprise networks. These are your common “IOCs.”

Tactical Intel for APT29

  • 628d4f33bd604203d25dbc6a5bb35b90
  • 2aabd78ef11926d7b562fd0d91e68ad3
  • 3d3363598f87c78826c859077606e514
  • meek-reflect.appspot.com
  • portal.sbn.co.th
  • 202.28.231.44
  • hxxps://files.counseling[.]org/eFax/incoming/150721/5442.zip
  • googleService.exe
  • GoogleUpdate.exe
  • acrotray.exe
  • PCIVEN_80EE&DEV_CAF

Tactical Intel for Education Sector

  • d9b7b0eda8bd28e8934c5929834e5006
  • support@securitygrade[.]org
  • 46.244.4.37
  • Fish love water!!!!!!!!
  • Fish not love cat!!!!!!!
  • parol

Using Tactical Intelligence

Tactical intelligence and IOCs are meant to historically document cyber attacks, serving both as a corpus of evidence (for compliance, law enforcement, investigations, legal purposes, and CYA’s for executives who need to withstand scrutiny on why their company got pwned) and also as reference material for analysts to interpret and extract context for use in defensive operations.

IOCs come from bona fide incidents and malware and are provided to analysts at a tactical level to serve as examples of a particular threat, such as a particular malware sample, malware family, intrusion campaign, or threat actor. IOCs represent a small sample of known-bad things -- not all known-bad things -- and obviously, IOCs cannot find any unknown-bad things.

Think of an IOC as a biological specimen in a laboratory. An invasive plant in the United States is captured and brought back to the lab. It is meant to be studied carefully, weighed and measured, dissected, classified and so forth. From this study, we may glean insights on where it came from, who created it, its role in the ecosystem, what makes it healthy, and what kills it. We may be able to figure out its perfect environment and use that knowledge to find other plants like it. We may be able to cut it apart and find out how it spreads so quickly. We might be able to use attributes of the plant to find other invasive plants. IOCs require the same study for application in cyber defense.

Check out the other blogs in our series for a deeper look into the types of threat intelligence and how they are used.

What is Threat Intelligence?
What is Strategic Threat Intelligence?
What is Operational Threat Intelligence?

FEATURED RESOURCES

January 13, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Cisco ISE Flaw, Ni8mare, N8scape, Zero-Click Prompt Injection and more

Anomali Cyber Watch: Cisco ISE Flaw Enables Arbitrary File Read via Administrative Access. Ni8mare and N8scape Vulnerabilities Expose n8n Automation Platforms to Full Compromise. Zero-Click Prompt Injection Abuse Enables Silent Data Exfiltration via AI Agents. Phishing Attacks Exploit Misconfigured Email Routing to Spoof Internal Domains. Ransomware Activity in the U.S. Continued to Rise in 2025. Android Ghost Tap Malware Drives Remote NFC Payment Fraud Campaigns. Black Cat SEO Poisoning Malware Campaign Exploits Software Search Results. MuddyWater Upgrades Espionage Arsenal with RustyWater RAT in Middle East Spear-Phishing. China-Linked ESXi VM Escape Exploit Observed in the Wild. Instagram Denies Data Breach Despite Claims of 17.5 Million Account Data Leak
Read More
January 6, 2026
Anomali Cyber Watch

Anomali Cyber Watch: OWASP Agentic AI, MongoBleed, WebRAT Malware, and more

Real-World Attacks Behind OWASP Agentic AI Top 10. MongoDB Memory Leak Vulnerability “MongoBleed” Actively Exploited. WebRAT Malware Spread via Fake GitHub Proof of Concept Exploits. Trusted Cloud Automation Weaponized for Credential Phishing. MacSync macOS Stealer Evolves to Abuse Code Signing and Swift Execution. Claimed Resecurity Breach Turns Out to Be Honeypot Trap. Cybersecurity Professionals Sentenced for Enabling Ransomware Attacks. Google Tests Nano Banana 2 Flash as Its Fastest Image AI Model. RondoDox Botnet Exploits React2Shell to Hijack 90,000+ Systems. Critical n8n Expression Injection Leads to Arbitrary Code Execution
Read More
December 23, 2025
Anomali Cyber Watch

Anomali Cyber Watch: SantaStealer Threat, Christmas Scams of 2025, React2Shell Exploit, Phishing via ISO, and more

SantaStealer Infostealer Threat Gains Traction in Underground Forums. From Fake Deals to Phishing: The Most Effective Christmas Scams of 2025. React2Shell Exploitation Expands With New Payloads and Broader Targeting. Russian Phishing Campaign Delivers Phantom Stealer via ISO Attachments. And More...
Read More
Explore All