Intelligence Analysis Methodology
Our threat intelligence profiles are built on rigorous, reproducible methodologies combining quantitative risk assessment frameworks with qualitative expert analysis. This page documents our analytical approaches and scoring systems.
Quantitative Risk Frameworks
Quantifies the probability that a threat actor will adhere to established behavioral patterns based on historical data and operational consistency.
Formula
P_c = (N_consistent / N_total) × 100
Variables
P_c: ARCS Compliance Probability (0-100)
N_consistent: Number of operations following established patterns
N_total: Total number of documented operations
Interpretation
Higher scores indicate more predictable behavior patterns, enabling more effective defensive planning.
Measures the likelihood that a threat actor will escalate from espionage to destructive operations based on geopolitical factors and historical precedent.
Formula
ERS = (Σ(w_i × f_i) / Σw_i) × 100
Variables
ERS: Escalation Risk Score (0-100)
w_i: Weight assigned to factor i
f_i: Factor score (0-1) for geopolitical, technical, and historical indicators
Interpretation
Scores above 80 indicate high escalation potential requiring enhanced monitoring and incident response readiness.
Assesses the motivational intensity of a threat actor based on ideological, political, or economic grievances against target nations or sectors.
Formula
GI = (I_political + I_economic + I_ideological) / 3 × 100
Variables
GI: Grievance Index (0-100)
I_political: Political grievance intensity (0-1)
I_economic: Economic grievance intensity (0-1)
I_ideological: Ideological grievance intensity (0-1)
Interpretation
Higher grievance indices correlate with sustained campaign intensity and reduced likelihood of operational cessation.
Integrates multiple risk dimensions into a single comprehensive threat assessment metric for prioritization and resource allocation.
Formula
CRS = (0.3 × ARCS) + (0.25 × ERS) + (0.2 × GI) + (0.25 × II)
Variables
CRS: Composite Risk Score (0-100)
ARCS: Adversarial Risk Compliance Score
ERS: Escalation Risk Score
GI: Grievance Index
II: Infrastructure Impact potential
Interpretation
The primary metric for threat prioritization. Scores ≥90 are Critical, 80-89 High, 70-79 Medium, <70 Low.
Immediate threat requiring maximum defensive posture and active monitoring.
Significant threat requiring enhanced security measures and regular assessment.
Moderate threat requiring standard security controls and periodic review.
Lower priority threat with baseline security measures sufficient.
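The four formulas above chained into one scorer, as an added example that is not this site's own code. It assumes P_c is the ARCS term in the CRS formula, that II (for which the page gives no formula) arrives already scaled 0-100, and that band thresholds are lower bounds so a fractional score such as 89.5 rates High; the sample inputs are constructed.

```python
# CRS weights as given in the Composite Risk Score formula on this page.
WEIGHTS = {"ARCS": 0.30, "ERS": 0.25, "GI": 0.20, "II": 0.25}

def _unit(x, name):
    """Reject factor or intensity values outside the documented 0-1 range."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"{name} must be in [0, 1], got {x}")
    return x

def compliance_probability(n_consistent, n_total):
    """P_c = (N_consistent / N_total) x 100."""
    if n_total <= 0:
        raise ValueError("N_total must be positive: no documented operations")
    if not 0 <= n_consistent <= n_total:
        raise ValueError("N_consistent must be between 0 and N_total")
    return n_consistent / n_total * 100

def escalation_risk(factors):
    """ERS = (sum(w_i * f_i) / sum(w_i)) x 100 over (w_i, f_i) pairs."""
    if any(w < 0 for w, _ in factors):
        raise ValueError("weights must be non-negative")
    total_w = sum(w for w, _ in factors)
    if total_w <= 0:
        raise ValueError("at least one factor needs a positive weight")
    return sum(w * _unit(f, "f_i") for w, f in factors) / total_w * 100

def grievance_index(political, economic, ideological):
    """GI = (I_political + I_economic + I_ideological) / 3 x 100."""
    parts = (political, economic, ideological)
    return sum(_unit(p, "intensity") for p in parts) / 3 * 100

def composite_risk(arcs, ers, gi, ii):
    """CRS = 0.3*ARCS + 0.25*ERS + 0.2*GI + 0.25*II, every input on 0-100."""
    parts = {"ARCS": arcs, "ERS": ers, "GI": gi, "II": ii}
    for name, value in parts.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} must be in [0, 100], got {value}")
    return sum(WEIGHTS[name] * value for name, value in parts.items())

def severity(crs):
    """Bands from the page; thresholds treated as lower bounds (assumption)."""
    return ("Critical" if crs >= 90 else "High" if crs >= 80
            else "Medium" if crs >= 70 else "Low")

if __name__ == "__main__":
    # Constructed sample actor, not data from any real profile.
    arcs = compliance_probability(18, 20)                     # 18 of 20 ops on pattern
    ers = escalation_risk([(3, 0.9), (2, 0.8), (1, 0.5)])     # (weight, factor score)
    gi = grievance_index(0.9, 0.6, 0.9)
    crs = composite_risk(arcs, ers, gi, ii=85)                # II supplied directly
    print(f"ARCS={arcs:.1f} ERS={ers:.1f} GI={gi:.1f} CRS={crs:.2f} {severity(crs)}")
```

Because the weights sum to 1.0, CRS stays on the same 0-100 scale as its inputs, and no single component at its maximum can lift an otherwise low-scoring actor into the Critical band.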
Analytical Methodologies
Multi-source intelligence synthesis methodology that integrates technical indicators, behavioral analysis, and geopolitical context into unified threat assessments.
Vulnerability-centric analysis framework that maps threat actor capabilities to defensive gaps and prioritizes mitigations based on exploitation likelihood.
Adversarial Risk Classification Framework providing standardized threat categorization based on capability, intent, and opportunity dimensions.
Intelligence Sources
Government Advisories
Threat Intelligence Vendors
Academic Research
Open Source Intelligence
Legal Documents
All threat actor profiles include comprehensive mapping to the MITRE ATT&CK framework (version 17), providing standardized technique identification and enabling defensive alignment.
Technique Mapping
Each TTP is mapped to specific ATT&CK technique IDs with contextual descriptions.
Mitigation Alignment
Recommended mitigations reference ATT&CK mitigation IDs for defensive implementation.
Detection Guidance
Technique mappings enable correlation with ATT&CK detection recommendations.