Know your enemies: An approach for CTI teams
ID: b0df4005-5cad-58d4-adba-acf8652815b0
STIX ID: report--b0df4005-5cad-58d4-adba-acf8652815b0
Feed Name: VirusTotal Blog
**Executive Summary:** This VirusTotal Threat Landscape walkthrough demonstrates how CTI teams can track TA505's Locky ransomware activity using sandbox-derived TTPs (notably MITRE T1486), collections and telemetry (including a Locky collection of ~510 samples), and crowdsourced detection rules. It provides actionable IoCs and Livehunt filter examples (file types/sizes, imphash, icon dhash, command-execution and memory-pattern indicators) to improve hunting and defenses for targeted sectors such as financial services.
