We use cookies to improve your experience. Do you accept?

Skip to main content

Quickly Extract Those IOCs using CTIX’s Brand New IOC Extraction Tool

Quickly Extract Those IOCs using CTIX’s Brand New IOC Extraction Tool - Featured Image

STIX 2.0 Jun 8, 2018

With every passing day, the cyber threat landscape continues to rapidly evolve with new threat actors, sophisticated tools and techniques, and improved mitigation efforts to counter them. Security researchers are constantly being bombarded with new, reliable intel to sift through, analyze and address through robust solutions.

To streamline the process and ease these woes, Cyware Threat Intelligence eXchange (CTIX) has incorporated an IOC Extraction tool for researchers to easily segregate and analyze threat intel data from other text. Leveraging STIX/TAXII based feeds and non-standard data sources like email, CTIX enables real-time intelligence submission and sharing through the latest version of STIX 2.0, an industry-standard, structured language used to communicate IoCs and valuable cyber threat data.

CTIX integrates several popular as Shodan, Virus Total and WhoIs to give analysts a single, rich and easy-to-use platform to receive, analyze and disseminate valuable cyber threat intelligence. To further enrich the CTIX experience, the newly added IOC Extraction allows researchers to extract key information quickly and efficiently.

For instance, a researcher has received a document containing background information and history about the new attack group Orangeworm. The document also includes some IOCs such as file names and dropper hashes, dynamic link libraries (DLLs), C&Cs, etc. Using CTIX’s new IOC Extraction tool, the user can simply upload the document or copy and paste the text to extract just the IOCs. The tool translates and segregates the free text or document uploaded into separate viewable sections - like MD5, SHA1, domain addresses and IPv4 - in a clean, easy-to-read format for the researcher to swiftly parse through.

The tool also comes with a Fang-Defang option for the user to choose whether he wants to view the extracted values as live links (Fanged) or in a safer, readable format (Defanged) to be shared with peers.

With these new enhancements, CTIX offers organizations and analysts a single, comprehensive platform to receive, analyze and share structured threat intelligence. The integration of this new tool helps CTIX streamline yet another redundant and tedious process during threat analysis and research and significantly reduces the risk of alert fatigue. By empowering security analysts with a richer, highly advanced platform equipped with everything they need to analyse new threats, CTIX helps improve the security maturity of professionals and, in turn, their organization, to better secure their defense systems and end-users.

Related Blogs