• Communication/Encryption Algorithm
• Code / Strings Reuse
• Metadata (filename, description, version, title, author name)
• Mutexes
• Behavior

Make Enrichment Great Again

Infrastructure
• Passive DNS
• TLS certificate tracking
• Correlation through metadata (web server version, hosting provider, HTTP headers, Whois …)
• Search for domain names/IP addresses in public sandbox results
• HTTP static content tracking
• Network flow

https://github.com/threatresearch-issdu/ITHOME2020