While indicators help us understand threats to an enterprise, misconceptions exist due to an unclear understanding of what differentiates indicator groupings like the Advanced-Persistent-Threat (APT).
This data-driven presentation will focus on comparing indicator groups based on enrichment data and actor tactics. From these observations, we will identify situations where threat intelligence producers confuse threat groups. Some threat groups are easily confused based on enrichment data, such as exploit, malware and phishing domains. Other threat types, such as spam domains, are not confused with other malicious threat groups. Disambiguating indicator groups and understanding indicator group characteristics can enable more rapid triage and better distinguish adversary patterns in threat intelligence.