Open Threat Exchange

Open Threat Exchange (OTX) is a threat intelligence platform from AlienVault. Use of the platform to obtain threat intelligence is not restricted.

When you register and log in to OTX, you can easily see a summary of current threats in the “Subscribed Pulses” section.

Let’s choose a threat called “Wiper luring the Olympic Games”. When we click on it, we see the details of the threat: a brief description, references, tags (for easier searching later), and the MITRE ATT&CK TTP IDs.

On the same page, in the Indicators of Compromise section, we see the IoCs of this threat. For this example, we have an MD5, a SHA-1 and a SHA-256 hash value as IoCs. Each IoC has more details, which you can easily open with the blue “go to details” button at the right of the IoC.

Here we have more details, such as the file type, size, the different hash values, metadata, and the VirusTotal check.

On the main page of the pulse, you can download the IoCs in different formats. You can easily download these IoCs and use them to detect the threat in your own environment.
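As an added example (not code from the post or from AlienVault), the script below shows what you can do with a downloaded pulse: it reads a pulse export in the JSON shape OTX uses (a pulse name plus a list of typed indicators), keeps only the file-hash indicators, and checks file contents against them. The indicator type names FileHash-MD5, FileHash-SHA1 and FileHash-SHA256 are OTX’s own; the pulse name is the one from the post, while the sample file contents, the resulting hashes and the domain are constructed for this example and are not real IoCs.

```python
import hashlib
import json
from pathlib import Path

# Constructed sample data: the "malicious" bytes stand in for a file whose hashes
# were published in a pulse; the benign bytes are a file that should not match.
MALICIOUS_SAMPLE = b"constructed sample payload for the example, not real malware\n"
BENIGN_SAMPLE = b"hello, world\n"

# Constructed pulse export in the shape of an OTX JSON download. Indicator type
# names are OTX's; the hash values are derived from the constructed bytes above
# (the MD5 is deliberately upper-case to show that case is normalized).
SAMPLE_PULSE_JSON = json.dumps({
    "name": "Wiper luring the Olympic Games",
    "indicators": [
        {"type": "FileHash-MD5", "indicator": hashlib.md5(MALICIOUS_SAMPLE).hexdigest().upper()},
        {"type": "FileHash-SHA1", "indicator": hashlib.sha1(MALICIOUS_SAMPLE).hexdigest()},
        {"type": "FileHash-SHA256", "indicator": hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()},
        {"type": "domain", "indicator": "lure.example.invalid"},  # not a file hash; skipped below
    ],
})

# OTX file-hash indicator type -> hashlib algorithm name
HASH_TYPES = {"FileHash-MD5": "md5", "FileHash-SHA1": "sha1", "FileHash-SHA256": "sha256"}


def load_hash_indicators(pulse_json: str) -> dict[str, set[str]]:
    """Collect the file-hash IoCs of a pulse export, keyed by algorithm.

    Hashes are lower-cased so that a feed using upper-case hex still matches.
    Indicator types that are not file hashes (domains, URLs, ...) are skipped.
    """
    pulse = json.loads(pulse_json)
    indicators: dict[str, set[str]] = {algo: set() for algo in HASH_TYPES.values()}
    for ioc in pulse.get("indicators", []):
        algo = HASH_TYPES.get(ioc.get("type", ""))
        if algo:
            indicators[algo].add(ioc["indicator"].strip().lower())
    return indicators


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the three digests OTX publishes for file indicators."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_TYPES.values()}


def match_bytes(data: bytes, indicators: dict[str, set[str]]) -> list[str]:
    """Return the algorithms whose digest of `data` appears in the pulse."""
    digests = hash_bytes(data)
    return [algo for algo, digest in digests.items() if digest in indicators[algo]]


def scan_files(paths: list[Path], indicators: dict[str, set[str]]) -> dict[str, list[str]]:
    """Hash each file on disk and report the ones that hit a pulse indicator."""
    hits: dict[str, list[str]] = {}
    for path in paths:
        matched = match_bytes(path.read_bytes(), indicators)
        if matched:
            hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    iocs = load_hash_indicators(SAMPLE_PULSE_JSON)
    print("loaded indicators:", {algo: len(hashes) for algo, hashes in iocs.items()})
    print("malicious sample matches on:", match_bytes(MALICIOUS_SAMPLE, iocs))
    print("benign sample matches on:", match_bytes(BENIGN_SAMPLE, iocs))
```

To use it with a real download, replace SAMPLE_PULSE_JSON with the contents of the pulse’s JSON export and pass the files you want to check to scan_files. The three hashes are checked independently, so a pulse that only lists one hash type still produces a hit.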

In the Browse tab of OTX, content is classified by pulses, groups, indicators, malware families, industries and adversaries. This is valuable for looking up specific threat actors, their TTPs, and the IoCs that detect them.

OTX also lets you create your own pulses and connect to it through its API. Its user interface is simple, so I won’t walk through every menu here.