The present invention generates an IoC table including at least one of malware IoC, IP blacklist IoC, and URL blacklist IoC by analyzing a previously detected malicious file by analyzing a detection event of an existing security solution, and the generated IoC table By extracting the process and procedures (TTPs) of the malicious suspicious file, it not only provides fragmentary information about the targeted attack, but also provides visibility on the detailed techniques and procedures of the attack.
展开▼
