Refer to these steps as submission guidelines:

1. Check the hashes if samples are available. This can be acquired through your security admin or by searching through 3rd party sources.
2. IocS  may be in the form of:
   • File Hashes: SHA1, SHA256, MD5
   • URLs
   • IP Addresses
   • Domains
3. Compile the information in a text file or a CSV file. Make sure that:
   • There are no special characters on the hashes.
   • Sections for hashes, URLs, IP addresses, and domains are separate.
4. Indicate the source of the hashes or advisories. You may attach the corresponding document to the case as reference.
5. If Trend Micro recognizes the hashes submitted, the detection name will be provided on the results email.
6. For file hashes / IOCs that are not recognized in our database, this can be an indication that the file for the corresponding hash is not publicly available or the sample has not crossed our scanners.
7. If a hash result needs to be disputed, you may upload the respective sample for further analysis.