THREATMOSAIC: collection, curation and enrichment of indicators of compromise (IOCs)
DOI:
https://doi.org/10.61467/2007.1558.2025.v16i3.848
Keywords:
threat indicators of compromise, cyber intelligence, threat information sharing IOC
Abstract
This research develops THREATMOSAIC, experimental software for the classification, analysis and enrichment of indicators of compromise (IOCs). The software imports IOCs in bulk and classifies them as IPv4 addresses, IPv6 addresses, URLs, MAC addresses, e-mail addresses, DNS domains, or MD5, SHA1 and SHA256 hashes, sorting and sanitizing them effectively and efficiently. All this is combined with the STIX 2.1 standard, generating a directed graph enriched with information obtained from analysis through third-party REST APIs, mainly services such as VirusTotal, AbuseIPDB, ipstack or WHOIS. Finally, the software shares threat information in STIX 2.1 format over the TAXII protocol, through a server that threat exchange platforms can query.
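The bulk import step the abstract describes (sanitize, classify by type, de-duplicate, sort) can be sketched as follows. This is an added example, not THREATMOSAIC's code: the function names, the refanging rules, the regular expressions and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption of this sketch: the hash type is inferred from hex length alone.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")
MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}")
EMAIL_RE = re.compile(r"[^@\s]+@([^@\s]+)")
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
# Constructed sample input (documentation address ranges, made-up names).
SAMPLE = ["198.51.100[.]7", "198.51.100.7 ", "2001:DB8::1", "00:1A:2B:3C:4D:5E",
          "hxxps://bad.example[.]com/Payload.bin", "Billing@bad.example.com", "not an ioc"]

def sanitize(raw):
    """Trim whitespace and undo common defanging (hxxp, [.], [:], [@])."""
    value = raw.strip().replace("[.]", ".").replace("[:]", ":").replace("[@]", "@")
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value if "://" in value else value.lower()  # URL paths are case-sensitive

def classify(value):
    """Return the IOC type of a sanitized value, or None if it is not recognised."""
    try:
        return f"ipv{ipaddress.ip_address(value).version}"
    except ValueError:
        pass
    if HEX_RE.fullmatch(value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    if MAC_RE.fullmatch(value):
        return "mac"
    if "://" in value:
        try:
            parts = urlsplit(value)
        except ValueError:  # e.g. malformed bracketed IPv6 host
            return None
        return "url" if parts.scheme in ("http", "https", "ftp") and parts.hostname else None
    email = EMAIL_RE.fullmatch(value)
    if email:
        return "email" if DOMAIN_RE.fullmatch(email.group(1)) else None
    return "domain" if DOMAIN_RE.fullmatch(value) else None

def bulk_import(lines):
    """Sanitize, classify, de-duplicate and sort; unrecognised values are kept for review."""
    buckets = defaultdict(set)
    for value in filter(None, map(sanitize, lines)):
        buckets[classify(value) or "rejected"].add(value)
    return {kind: sorted(values) for kind, values in buckets.items()}
```

Keeping a `rejected` bucket rather than silently dropping unparsed lines lets an analyst spot feed formatting problems before enrichment quota is spent on third-party API lookups.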
License
Copyright (c) 2025 International Journal of Combinatorial Optimization Problems and Informatics

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.