IOC Enrichment Malware Attribution Gaps and Alternative Approaches

  • February 6, 2026

Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results.

Since we are paying for an RF license, we would like to leverage this connector more effectively to build richer threat context, including malware attribution and related intelligence.

As this is being raised as a feature request in ThreatQ, I wanted to check with the community: are there any alternative solutions or workarounds that others are using to enrich IOCs with malware attribution and deeper threat context?