Examples of host-based indicators include, but aren’t limited to: registry keys, process mutexes, service names, directory and file paths, and file attributes such as SHA256 hash and compile time. Network-based indicators include, but aren’t limited to: domains, IP addresses, URLs, HTTP user-agents, BGP prefixes, ASNs, and WHOIS information about IPs and domains. Two distinct methods of analyzing raw data to derive intelligence are active probing and passive monitoring. Each of these methods has its own strengths, weaknesses, and applicable scenarios.