ABSTRACT

Existing threat intelligence management systems lack tactics, techniques, and procedures (TTPs) and suggested courses of action (CoAs) for managing response activities, i.e., detection, prevention, and incident response. The analysis report can be used to extract observables, indicators, incidents, and TTPs, which are then mapped to CoAs. The attack-pattern extraction and CoA association component processes the collected threat information to extract the observables, indicators, TTPs, exploit targets, and threat actors. A threat intelligence management and sharing system can serve many use cases, but we focus specifically on threat prevention, threat detection, and incident response, where existing systems lack TTPs and suggested CoAs for managing incident response and security monitoring activities. The proposed and implemented system provides IOCs and TTPs along with suggested CoAs, giving organizations and incident response teams a broad view of the threat landscape and situational awareness.
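As an added illustration of the extraction-and-association step described above (example code, not from the paper): a minimal pipeline that pulls observables out of a constructed analysis-report excerpt, associates each with a TTP through a hypothetical knowledge base, and collects the suggested CoAs into a response plan. The TTP identifiers, CoA text, indicator-to-TTP mapping and sample report are all constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Hypothetical knowledge base (constructed for this example):
# TTP id -> (description, suggested CoAs).
TTP_KB = {
    "TTP-PHISH": ("Spear-phishing with malicious link",
                  ["Block sender domain at mail gateway", "Sinkhole URL in proxy"]),
    "TTP-C2": ("Beaconing to hard-coded C2 address",
               ["Block IP at perimeter firewall", "Alert on egress to IP"]),
}
# Constructed indicator-type -> TTP associations an analyst would maintain.
INDICATOR_TTP = {"url": "TTP-PHISH", "ipv4": "TTP-C2", "md5": "TTP-C2"}
# Observable extraction patterns applied to the report text.
OBSERVABLE_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s,;]+"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}

@dataclass
class Indicator:
    kind: str
    value: str
    ttp: str
    coas: list = field(default_factory=list)

def extract_observables(report):
    """Pull typed (kind, value) observables out of free-text report."""
    return [(kind, m) for kind, pat in OBSERVABLE_PATTERNS.items()
            for m in pat.findall(report)]

def associate(observables):
    """Turn observables into indicators by attaching the mapped TTP and its CoAs."""
    indicators = []
    for kind, value in observables:
        ttp = INDICATOR_TTP.get(kind)
        if ttp is None:  # unmapped observable: no TTP, so no CoA to suggest
            continue
        indicators.append(Indicator(kind, value, ttp, list(TTP_KB[ttp][1])))
    return indicators

def suggested_coas(indicators):
    """Deduplicated CoA list in first-seen order: the response plan."""
    return list(dict.fromkeys(c for ind in indicators for c in ind.coas))

def process_report(report):
    return associate(extract_observables(report))

# Constructed analysis-report excerpt; every value is example data.
SAMPLE_REPORT = ("User opened link http://login.example.invalid/verify and the dropped "
                 "payload (md5 d41d8cd98f00b204e9800998ecf8427e) beaconed to 203.0.113.45.")
```

Running `suggested_coas(process_report(SAMPLE_REPORT))` yields the four distinct CoAs from the two matched TTPs, with the duplicate C2 CoAs from the hash and IP collapsed into one entry each.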