This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 7 of REMA
A capstone unit that ties the technical content of Units 1-6 to the analyst workflow expected in industry: IOC extraction and pivoting, MITRE ATT&CK technique mapping, and writing the analysis report that becomes the deliverable to defenders and decision-makers.
Learning outcomes
The first task after a sample lands on the analyst desk: extract Indicators of Compromise — file hashes, network artifacts, registry keys, mutex names, and YARA-matchable byte patterns. The second task is pivoting: using one IOC to find related samples, infrastructure, and campaign linkages through VirusTotal, MalwareBazaar, and OpenCTI.
MITRE ATT&CK is the industry-standard taxonomy for adversary behaviour. This topic covers how to map observed malware actions to the correct tactics and techniques, the difference between technique inference and technique observation, and the use of ATT&CK Navigator to communicate findings to defenders.
The analyst report is the final deliverable: it tells defenders what to block, what to hunt for, and what the threat means in operational terms. This topic covers the standard report structure, the audience separation between executive and technical sections, and common reporting failures.
Test your understanding of all Unit 7 topics — IOC extraction and pivoting, MITRE ATT&CK technique mapping, and writing the malware analysis report — with 20 multiple-choice questions. A certificate is issued on your first passing attempt.