EXAMINING THREAT GROUPS FROM THE OUTSIDE: GENERATING HIGH-LEVEL OVERVIEWS OF PERSISTENT AND TRADITIONAL COMPROMISES
[Abstract] Analyzing threats that have compromised electronic devices is important to compromised organizations, researchers, and law enforcement. Examining network- and host-based logs and network traffic is effective in identifying threats, their impact, and how to recover from the compromise. However, this form of analysis is very time-consuming and requires technical expertise. This traditional form of analysis will also only provide information about organizations that have those logs and network flows. A quick and easy-to-use methodology for generating a high-level overview of a threat's targets globally would aid analysts by indicating areas of focus for more in-depth analysis. In this thesis we propose a methodology for synthesizing information from multiple publicly available, scope-limited data sets that allows a rapid and cheap compilation of an overview of a threat. This method has the additional benefits of being available to researchers outside of compromised organizations and of being possible when logs and network flows do not exist. Once the approach has been implemented, it can be used to analyze multiple threats. This is demonstrated by two case studies, one examining a persistent threat called Advanced Persistent Threat 1 and the other overviewing a more traditional threat, the malware family Mabeza Infected.
[Publication date]  [Publishing institution] the University of Pittsburgh