Quickly Extract Those IOCs using CTIX’s Brand New IOC Extraction Tool

Quickly Extract Those IOCs using CTIX’s Brand New IOC Extraction Tool - Featured Image

STIX 2.0 Jun 8, 2018

With every passing day, the cyber threat landscape continues to rapidly evolve with new threat actors, sophisticated tools and techniques, and improved mitigation efforts to counter them. Security researchers are constantly being bombarded with new, reliable intel to sift through, analyze and address through robust solutions.

To streamline the process and ease these woes, Cyware Threat Intelligence eXchange (CTIX) has incorporated an IOC Extraction tool for researchers to easily segregate and analyze threat intel data from other text. Leveraging STIX/TAXII based feeds and non-standard data sources like email, CTIX enables real-time intelligence submission and sharing through the latest version of STIX 2.0, an industry-standard, structured language used to communicate IoCs and valuable cyber threat data.

CTIX integrates several popular as Shodan, Virus Total and WhoIs to give analysts a single, rich and easy-to-use platform to receive, analyze and disseminate valuable cyber threat intelligence. To further enrich the CTIX experience, the newly added IOC Extraction allows researchers to extract key information quickly and efficiently.

For instance, a researcher has received a document containing background information and history about the new attack group Orangeworm. The document also includes some IOCs such as file names and dropper hashes, dynamic link libraries (DLLs), C&Cs, etc. Using CTIX’s new IOC Extraction tool, the user can simply upload the document or copy and paste the text to extract just the IOCs. The tool translates and segregates the free text or document uploaded into separate viewable sections - like MD5, SHA1, domain addresses and IPv4 - in a clean, easy-to-read format for the researcher to swiftly parse through.

The tool also comes with a Fang-Defang option for the user to choose whether he wants to view the extracted values as live links (Fanged) or in a safer, readable format (Defanged) to be shared with peers.

With these new enhancements, CTIX offers organizations and analysts a single, comprehensive platform to receive, analyze and share structured threat intelligence. The integration of this new tool helps CTIX streamline yet another redundant and tedious process during threat analysis and research and significantly reduces the risk of alert fatigue. By empowering security analysts with a richer, highly advanced platform equipped with everything they need to analyse new threats, CTIX helps improve the security maturity of professionals and, in turn, their organization, to better secure their defense systems and end-users.

Related Blogs

Maximize Threat Intelligence Value with Custom Scores in Intel Exchange - Featured Image

Maximize Threat Intelligence Value with Custom Scores in Intel Exchange

The ability to prioritize and efficiently handle threats is paramount. Cyware’s [Intel Exchange](https://cyware.com/products/threat-intelligence-exchange) enhan

Threat intelligenceCTIXIntel ExchangeIntel Exchange (CTIX)
IOC Ingestion Made Easy with CTIX-Slack Integration - Featured Image

IOC Ingestion Made Easy with CTIX-Slack Integration

Cyware has integrated its threat intelligence exchange platform, [Intel Exchange (CTIX)](https://cyware.com/products/threat-intelligence-platform) with the popu

CTIXCTIX/Slack IntegrationCTIX/Slack
Analyze Malicious Files in a Sandboxing Environment with Cyware’s Intel Exchange (CTIX) - Featured Image

Analyze Malicious Files in a Sandboxing Environment with Cyware’s Intel Exchange (CTIX)

Sandboxing provides a safe environment where security teams can detonate malicious programs, files, or URLs to analyze and observe their behavior. With the rele

SandboxingCTIXThreat Analysis