Intel Codex v2.0: 41 SOPs, Cloud Forensics, and Blockchain Tracing
A real malware analysis job. The trail went sample → strings → network IOCs → C2 infrastructure → on-chain. The funds went through a mixer.
Halfway through that chain I realized I had solid SOPs for the first half and absolutely nothing written down for the back half. Blockchain address clustering, mixer heuristics, bridge read-flow, how to structure on-chain evidence for court admissibility — I was building all of it on the fly. I finished the job, wrote down what I'd worked out, and that became the seed for what's now in v2.0.
Intel Codex v2.0 ships 11 new SOPs. Most of them exist because a real investigation or assessment hit the edge of what v1.0 covered.
