Direct answer
What is a CERT handoff pack? It is a structured evidence and intelligence package that lets a CERT, regulator or abuse desk understand and act on a phishing case.
What belongs in a handoff
Indicators, screenshots, HTML or scan evidence, source provenance, liveness state, timestamps, confidence, graph links, kit weakness summaries, redaction status and analyst decisions.
Why uncertainty is useful
A good handoff separates confirmed abuse, corroborated suspicion, review candidates and context-only signals so recipients know what can be acted on immediately.
Export readiness
STIX, MISP, CSV, JSONL, PDF and evidence bundles should all carry provenance, confidence, freshness, liveness, Belgian relevance and detail URLs.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is a CERT handoff pack?
It is a structured evidence and intelligence package that lets a CERT, regulator or abuse desk understand and act on a phishing case.
Why include graph context?
Graph context shows related domains, brands, sources, evidence, kits, campaigns and fraud routes that a flat indicator list misses.