Data security threats pose a major operational and financial risk for individual persons and businesses. The threats typically occur due to attacks upon enterprise networks of businesses. Typically, the attacks utilize malicious computer software, or malware, that targets devices within the enterprise networks. In examples, the target devices include data communications equipment such as firewalls, user account databases, information servers, protocol routers, and user devices. Examples of user devices include smartphones, tablet computing devices, and laptop computers running operating systems such as Windows, Android, Linux, or IOS, in examples. Windows is a registered trademark of Microsoft Corporation. Android is a registered trademark of Google, Inc. IOS is a registered trademark of Apple, Inc.
Attack actors often use malware as a key component of their attacks upon devices in the enterprise networks. The techniques or actions that the actors take when launching their attacks are also referred to collectively as Tools, Tactics, and Procedures (TTPs). Malware is often designed to disrupt network communications, gain control over computers or networks, or secretly gather personal information about users, businesses, and government entities. Malware typically includes viruses, trojans, adware, and spyware, to list a few examples. Analysis of TTPs and the malware utilized therein can provide useful information for preventing an attack, attributing an attack to a specific actor, and to predict future attacks, in examples.