@krypt3ia My experience is that a lot of what comes out of corpo CTI feels like reporting for the sake of reporting. Too many seem to follow some kind of newsie/govie format that has no depth. Leaving the other cybersecurity teams nothing to go on. Can’t make decisions, change strategy, defenses, detections, etc. We asses with moderate confidence that vendor A code name X, aka vendor B code name Y, aka code name Z is doing MITRE id’s 1, 2, 3 as part of ongoing efforts to “make money” in the Americas. Sigh.