A minor pet peeve that comes up every time I have to read through stacks of threat reports: improperly attributed agency when describing an infection chain. It is usually seen as someone giving the malware being delivered the agency of the TA or campaign that delivered it. No, some commodity malware is not adopting a new delivery method. The malware and the delivery method are both tools being used, and neither is dictating the use of the other. That is, unless it can be shown that they are part of a package deal; then that should be the highlighted attribution, and it is much more informative.

#threatintel #infosec #malware #malwareanalysis