{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T05:07:21Z","timestamp":1737176841310,"version":"3.33.0"},"reference-count":45,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,12,15]]},"DOI":"10.1109\/bigdata62323.2024.10825640","type":"proceedings-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T18:31:23Z","timestamp":1737052283000},"page":"2586-2595","source":"Crossref","is-referenced-by-count":0,"title":["No Time to Choose: Leveraging Internet Scans to Determine IoC Lifetimes"],"prefix":"10.1109","author":[{"given":"H.L.J.","family":"Bijmans","sequence":"first","affiliation":[{"name":"Netherlands Organisation for Applied Scientific Research (TNO),Den Haag,The Netherlands"}]},{"given":"M.S.C.","family":"van Leuken","sequence":"additional","affiliation":[{"name":"Netherlands Organisation for Applied Scientific Research (TNO),Den Haag,The Netherlands"}]}],"member":"263","reference":[{"year":"2022","key":"ref1","article-title":"Feodo Tracker"},{"year":"2023","key":"ref2","article-title":"Feodo Tracker \u2014 Blocklist"},{"key":"ref3","first-page":"1093","article-title":"Understanding the mirai botnet","volume-title":"26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017","author":"Antonakakis"},{"key":"ref4","first-page":"3757","article-title":"Catching phishers by their bait: Investigating the dutch phishing landscape through phishing kit detection","volume-title":"30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021","author":"Bijmans"},{"year":"2023","key":"ref5","article-title":"Qakbot: Retool, Reinfect, Recycle"},{"year":"2022","key":"ref6","article-title":"Dridex Malware"},{"key":"ref7","first-page":"433","article-title":"A different cup of TI? the added value of commercial threat intelligence","volume-title":"29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020","author":"Bouwman"},{"article-title":"Case Study: From BazarLoader to Network Reconnaissance","year":"2021","author":"Duncan","key":"ref8"},{"year":"2023","key":"ref9","article-title":"Hosts Data Definitions"},{"year":"2023","key":"ref10","article-title":"Opt Out of Data Collection"},{"year":"2023","key":"ref11","article-title":"Research Access to Censys Data"},{"article-title":"A Guide to Indicator Expiration","year":"2019","author":"Clark","key":"ref12"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"year":"2023","key":"ref14","article-title":"FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown"},{"key":"ref15","doi-asserted-by":"crossref","DOI":"10.17487\/rfc4716","article-title":"The Secure Shell (SSH) Public Key File Format","volume-title":"RFC 4716, RFC Editor","author":"Galbraith","year":"2006"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57878-7_14"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"ref18","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","author":"Hutchins","year":"2011","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"ref19","article-title":"Decaying indicators of compromise","volume-title":"CoRR","author":"Iklody","year":"2018"},{"article-title":"Decaying of Indicators - MISP improved model to expire indicators based on custom models","year":"2019","author":"Iklody","key":"ref20"},{"year":"2023","key":"ref21","article-title":"Emotet returns and deploys loaders"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_1"},{"article-title":"QakBot technical analysis","year":"2021","author":"Kuzmenko","key":"ref23"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.59"},{"key":"ref25","first-page":"851","article-title":"Reading the tea leaves: A comparative analysis of threat intelligence","volume-title":"28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019","author":"Li"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852142"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-18409-3_15"},{"issue":"8","key":"ref29","first-page":"1","article-title":"Exploring emotet, an elaborate everyday enigma","volume":"14","author":"Nagy","year":"2019","journal-title":"A J. Emerg. Med. Serv. JEMS"},{"year":"2023","key":"ref30","article-title":"Official Common Platform Enumeration (CPE) Dictionary"},{"year":"2019","key":"ref31","article-title":"The Value of Threat Intelligence: Annual Study of North American & United Kingdom Companies"},{"year":"2023","key":"ref32","article-title":"HASSH\u201d - a Profiling Method for SSH Clients and Servers"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4899-7687-1"},{"article-title":"Identifying and Defending Against QakBot\u2019s Evolving TTPs","year":"2022","author":"Small","key":"ref34"},{"article-title":"An empirical analysis of phishing blacklists","volume-title":"CEAS 2009 - Sixth Conference on Email and Anti-Spam July 16-17, 2009","author":"Sheng","key":"ref35"},{"year":"2023","key":"ref36","article-title":"Shodan - Search Engine for the Internet of Everything"},{"volume-title":"SSH Server","year":"2023","key":"ref37"},{"article-title":"Exposing initial access broker with ties to Conti","year":"2022","author":"Stolyarov","key":"ref38"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645719"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/CSR57506.2023.10224937"},{"article-title":"Identifying BumbleBee Command and Control Servers","year":"2022","author":"Violetti","key":"ref41"},{"year":"2022","key":"ref42","article-title":"Emotet C2 Configuration Extraction and Analysis"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/INMIC56986.2022.9972973"},{"key":"ref44","first-page":"40","article-title":"Ssh\u2013secure login connections over the internet","volume-title":"Proceedings of the 6th USENIX Security Symposium","volume":"37","author":"Ylonen"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"}],"event":{"name":"2024 IEEE International Conference on Big Data (BigData)","start":{"date-parts":[[2024,12,15]]},"location":"Washington, DC, USA","end":{"date-parts":[[2024,12,18]]}},"container-title":["2024 IEEE International Conference on Big Data (BigData)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10824975\/10824942\/10825640.pdf?arnumber=10825640","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T07:47:42Z","timestamp":1737100062000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10825640\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,15]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/bigdata62323.2024.10825640","relation":{},"subject":[],"published":{"date-parts":[[2024,12,15]]}}}