Threat Information Screen

View information about a global threat actor on the threat information screen.

The threat information screen shows detailed information about a threat actor selected from the Campaign Intelligence screen. The Intelligence Data section pulls the latest data about a selected threat from Trend Micro and third-party sources. The Impact Scope section highlights evidence of threats found in your environment.

The following table outlines the information available on the threat information screen (Threat Intelligence > Campaign Intelligence > threat name).




The first section contains a summary and description of the selected threat or threat actor.


Because security threats are often named by security vendors with each vendor applying a different name, security threats often have numerous names. AKA lists alternative names for the threat.

Intelligence Data

The Intelligence Data section collects available data about the selected threat from Trend Micro and third-party sources.

You can view detailed information on the following tabs.

  • Intelligence Reports: Lists intelligence reports associated with the selected threat

    For more information, see Intelligence Reports.

  • Tactic, Technique, and Procedures: Lists TTPs associated with the selected threat

    Click the tactic name to view more information on the MITRE website.

  • Tools: Lists benign software applications exploited by the selected threat

    For example, Microsoft PowerPoint is a benign application that can be exploited by threat actors hiding malware in a macro.

  • Malware: Lists malicious software used by the selected threat

  • CVEs: Lists CVEs associated with the selected threat and includes the CVE number, CVE description, and affected operating systems


    CVEs (Common Vulnerabilities and Exposures) are publicly disclosed computer security flaws.

  • Indicators: Lists objects, such as URLs and file hashes, associated with the selected threat


    The indicators listed are sourced from curated intelligence reports. The threat may be associated with other indicators.

Impact Scope

The Impact Scope section displays any Workbench alerts associated with the selected threat and any servers or desktops containing matched indicators of the selected threat.