Campaign Intelligence

The Campaign Intelligence app collects and organizes information about active threat campaigns.

Campaign Intelligence is an always up-to-date information resource for active campaigns, security threats, and software vulnerabilities, curated by Trend Micro threat experts. The Intelligence Data section pulls the latest data about a selected threat from Trend Micro and third-party sources. The Impact Scope section highlights evidence of threats found in your environment.

  • A campaign is a set of malicious activities carried out by a threat actor to target an organization, region, or industry. Campaigns typically use specific techniques (TTPs) and can be identified by threat types such as intrusion sets, ransomware, APT attacks, or software vulnerabilities.

The following table describes the sections of the Campaign Intelligence app.



Campaign list

The left column lists the names of currently active threats, along with the threat type and date of the most recent data update. Threats impacting your organization display at the top of the list and are indicated by a red bullet.

Campaign overview

The top section contains a summary and description of the selected threat or vulnerability.


Because security threats are often named by security vendors with each vendor applying a different name, security threats often have numerous names. You can find a list of alternative names in next to AKA.

Intelligence Data

The Intelligence Data section collects available data about the selected threat from Trend Micro and third-party sources.

You can view detailed information on the following tabs.

  • Intelligence Reports: Lists intelligence reports associated with the selected threat

    For more information, see Intelligence Reports.

  • Tactic, Technique, and Procedures: Lists TTPs associated with the selected threat

    Click the tactic name to view more information on the MITRE website.

  • Tools: Lists benign software applications exploited by the selected threat

    For example, Microsoft PowerPoint is a benign application that can be exploited by threat actors hiding malware in a macro.

  • Malware: Lists malicious software used by the selected threat

  • CVEs: Lists CVEs associated with the selected threat and includes the CVE number, CVE description, and affected operating systems


    CVEs (Common Vulnerabilities and Exposures) are publicly disclosed computer security flaws.

  • Indicators: Lists objects, such as URLs and file hashes, associated with the selected threat


    The indicators listed are sourced from curated intelligence reports. The threat may be associated with other indicators.

Impact Scope

The Impact Scope section displays any Workbenches associated with the selected threat and any servers or desktops containing matched indicators of the selected threat.