Data security threats pose a major operational and financial risk for individuals and businesses. The threats typically arise from attacks upon the enterprise networks of businesses. Typically, the attacks utilize malicious computer software, or malware, that targets devices within the enterprise networks. In examples, the target devices include data communications equipment such as firewalls, user account databases, information servers, protocol routers, and user devices. Examples of user devices include smartphones, tablet computing devices, and laptop computers running operating systems such as Windows, Android, Linux, or iOS. Windows is a registered trademark of Microsoft Corporation. Android is a registered trademark of Google, Inc. iOS is a registered trademark of Apple, Inc.
Attack actors use a variety of techniques to launch attacks upon user devices in enterprise networks. The techniques or actions that the actors take when launching their attacks are also referred to collectively as Tools, Tactics, and Procedures (TTPs). Attacks are often designed to disrupt network communications, gain control over computers or networks, or secretly gather personal information about users, businesses, and government entities. The attacks often utilize malware to compromise processes executing on the user devices. Examples of malware include viruses, trojans, adware, and spyware, to list a few. Analysis of TTPs and the malware utilized therein can provide useful information for attributing an attack to a specific actor and for predicting future attacks, in examples.