These formats are used to represent certain characteristics of threats, e.g. system libraries used by a malware sample, that have been explicitly identified by the producer of the information. This kind of information is often referred to as "indicators", "detection indicators" or, more narrowly, "indicators of compromise" since it can be used to detect attacks and other malicious activity, e.g. botnet communication.