Allegretta, MauroSiracusano, GiuseppeGonzález Sánchez, RobertoVallina Rodríguez, PelayoGramaglia, Marco2023-04-172023-03-232023 18th Wireless On-Demand Network Systems and Services Conference (WONS). IEEE, 2023. Pp. 100-103.978-3-903176-56-0https://hdl.handle.net/10016/37100Proceeding of: 2023 18th Wireless On-Demand Network Systems and Services Conference (WONS), 30 January 2023 - 01 February 2023, Madonna di Campiglio, Italy.The forensic analysis of Cyber Threat Intelligence (CTI) data is of capital importance for businesses and enterprises to understand what has possibly gone wrong in a cybersecurity system. Moreover, the fast evolution of the techniques used by cybercriminals requires collaboration among multiple partners to provide efficient security mechanisms. STIX has emerged as the industrial standard to share CTI data in a structured format, allowing entities from over the world to exchange information to broaden the knowledge base in the area. In this work, we shed light on the type of information contained in these datasets shared among partners. We analyze a large real-world STIX dataset and identify trends for the reporting of CTI data. Then, we deep dive into two kinds of attack patterns found in the dataset: Command & Control and Malicious Software Download. We found the data is not only useful for forensic analysis but can also be used to improve the protection against new attacks.4eng© 2023 International Federation for Information Processing (IFIP) / IEEE.Wireless communicationForensicsKnowledge based systemsCollaborationMarket researchMalwareCyber threat intelligenceconference paperTelecomunicacioneshttps://doi.org/10.23919/WONS57325.2023.10061921embargoed access1001032023 18th Wireless On-Demand Network Systems and Services Conference (WONS)CC/0000034157