Actively track weaponized and productionized threats
The core of Intel 471 Malware Intelligence is our unique and patented Malware Emulation and Tracking System (METS). METS provides ongoing surveillance of malware activity at the command and control level delivering near real-time insights and deep context in support of numerous cybersecurity and intelligence use cases, such as:
Security Operations (NOC/SOC)
Third-party Supplier and Vendor Risk
Malware Lifecycle Timeline
In-depth Malware Intelligence Reports
In-depth Malware Intelligence Reports providing analysis of malware families and features, network traffic, how to identify, detect and decode it, extract and parse its configuration, control server(s) encryption key and campaign ID.
In-depth Tactics, Techniques, Procedures and Context
In-depth Tactics, Techniques, Procedures and Context to enable a detailed understanding when events are detected and blocked – including but not limited to linked malware family and version, encryption key, botnet ID, plugins used, expiration time and associated intelligence requirement(s).
Timely and high-fidelity File and Network Based Indicator feeds
Timely and high-fidelity File and Network Based Indicator feeds that can be automatically ingested and operationalized within security stacks to block and detect malicious activity from malware.YARA rules
YARA Rules and IDS Signatures
YARA Rules and IDS Signatures to accurately identify the identification and detection of malware families, malicious network traffic and improve detection systems.
Malware and Botnet Configuration Information
Malware and Botnet Configuration Information providing decoded, decrypted and/or parsed configuration information enabling insight on specific targets of banking trojans, spam campaigns or other secondary malware payloads.
In depth Monitoring of Command and Control (C&C) servers
In depth Monitoring of Command and Control (C&C) servers to capture commands and updates initiated by threat actors to include secondary payloads, plugins, modules and anything delivered to the “bot” from the adversary. All data is available for download for local processing and analysis.