Malware Intelligence
Sophisticated cybercriminals are continuously launching new attacks against organizations using constantly updated malware, infrastructure and TTPs. They operate in “always on mode” and so should you.
Our Malware Intelligence offering leverages our internal TRAP (Technical Research and Analysis Platform) capability to provide our clients with an “always on” malware intelligence collection and monitoring system. TRAP consists of a number of core components, most notably the Malware Emulation and Tracking System (METS), which programmatically monitors for state changes at the malware controller level. This provides our clients with constant coverage of top-tier malware families and near real-time alerting on targeting changes, spamming and malware campaigns, updates in infrastructure and much more. The delta from an adversary action to our clients being informed is within minutes.

Deliverables include:

In-depth Malware Intelligence Reports providing analysis of malware families and features and their network traffic, and describing how to identify, detect and decode each family and how to extract and parse its configuration, control server(s), encryption key and campaign ID

YARA Rules and IDS Signatures that accurately identify and detect malware families and malicious network traffic, and improve existing detection systems

In-depth Tactics, Techniques, Procedures and Context to enable a detailed understanding of events when they are detected and blocked – including but not limited to the linked malware family and version, encryption key, botnet ID, plugins used, expiration time and associated intelligence requirement(s)

Malware and Botnet Configuration Information providing decoded, decrypted and/or parsed configuration enabling insight on specific targets of banking trojans and the ability to pivot between seemingly unconnected campaigns or samples from the same threat actor

Timely and high-fidelity File- and Network-Based Indicator feeds that can be automatically ingested and operationalized within security stacks to block and detect malicious activity from malware

In-depth Monitoring of Command and Control (C&C) servers to capture commands and updates initiated by threat actors, including their reconnaissance for internal executables