Threat Library

The Threat Command Threat Library is a researched, organized, searchable library about known threat actors, malware, and campaigns (cyberterms).

From the Threat Library page, you can find details on cyberterms and related information and see information in the TIP IOCs, Investigation, and IntelliFind pages.

Incident response teams and researchers can use the Threat Library to research and investigate, spot trends, and gain contextual intelligence regarding threats targeting geographic regions, including threat actor engagement and reconnaissance.

You can upload documents to existing cyberterms for your own, internal needs. This can turn the Threat Library into your internal knowledgebase of threat information.

temporary placeholder

Cyberterm tiles are sorted by most recent update date. The page above is also filtered by target sector.

You can search by company, industry, the trending threat actors, malware, and campaigns, and by names of attached files.

You can also filter by the following:

To find threats that match thisUse this filter
Targeted sectorsTarget Sector
Select sectors (or General ).
Targeted countryTarget Country
Select countries (or Global)
A specific type of threatType
Select Malware, Threat Actor, or Campaign.
Within a date rangeReport Date
Select the date range.
Geographic origin of the threatOrigin
Select countries.
A specific TTPTTP
Select TTPs.
Threats that you have marked for monitoringMonitored
Select Show only monitored cyber terms.
Cyberterms related to specific MITRE techniquesMITRE Technique
Select techniques.
AttachmentsWith Attachments
Select to find only cyberterms to which attachments have been uploaded.

When you filter, you'll see how many cyberterms match your filter. In the figure above, 151 cyberterms match the filter.

For your convenience, filters are persistent over sessions; the display will be filtered the same way until you change the filters.

Each cyberterm tle shows several overview details. To see the full details, click the cyberterm tile.

temporary placeholder

In addition to the obvious details, you can also see:

Typetemporary placeholder campaign
temporary placeholder malware
temporary placeholder threat actor
OriginGeolocation from where they operate
IntelliFind trendThe IntelliFind trend graph of mentions of this cyberterm
MonitoringTurn monitoring on or off.
When a cyberterm is being monitored, an email will be sent
any time the term is updated.
SeverityThe IntSights severity
AttachmentIf an internal document is attached to the term.

Monitored threats

Based on user settings in My Profile > Notifications, you can receive email notifications for new threats of specific severities.
When you monitor a specific cyberterm, you will also be notified for all changes about that cyberterm.

To turn monitoring on (or off):

  1. From the Threat Command main menu, choose TIP > Threat Library.
  2. Search for the cyberterm that you want to monitor.
    The cyberterm is displayed:
    temporary placeholder
  3. Click the monitoring icon to turn monitoring on (or off).

Upload documents to cyberterms

You can upload documents to existing cyberterms, and then preserve and manage that information within your own Threat Library knowledgebase.