Malware Intelligence | Intel 471 Skip to content

Malware Intelligence

Actively track weaponized and customized threats.

Hero background fallback

LEVERAGE OUR PATENTED MALWARE SYSTEM

Enhance your attack prevention and preparedness using advanced malware threat intelligence. Intel 471’s Malware Intelligence provides in-depth coverage across over 285 malware families and over 60 mobile malware families. Track changes to malware, spam and malware campaigns, infrastructure updates, and much more.

Malware Intelligence provides near-real time proactive insights into malware and related threat actor activity using the Technical Research & Analysis Platform (TRAP), our automated framework for tracking and monitoring malware. 

TRAP is further enhanced with near-real time surveillance of malware activity at the command-and-control (C2) level, providing deep insights and context into malware operations using our unique and patented Malware Emulation and Tracking System (METS). METS delivers near real-time insights and deep context in support of numerous cybersecurity and intelligence use cases.

Malware Intelligence benefits include:

Coverage of 40+ top malware families
Coverage of loaders, information stealers, banking malware, and ransomware
High-fidelity data with low or no false positives
Near real-time malware surveillance data via METS
Track campaigns, C2 infrastructure, and malware updates
Creates efficiencies on cycles required to track malware
Access Yara rules, Spot Reports, in-depth technical reports, actor links, raw data, indicators of compromise
Submit malware samples and RFIs for custom malware research

ROBUST SECURITY COVERAGE

In-depth Malware Intelligence Reports

In-depth Malware Intelligence Reports providing analysis of malware families and features, network traffic, how to identify, detect and decode it, extract and parse its configuration, control server(s) encryption key and campaign ID.

In-depth Tactics, Techniques, Procedures, and Context

In-depth Tactics, Techniques, Procedures, and Context to enable a detailed understanding when events are detected and blocked – including but not limited to linked malware family and version, encryption key, botnet ID, plugins used, expiration time and associated intelligence requirement(s).

Timely and High-Fidelity File and Network-Based Indicator Feeds

Timely and high-fidelity File and Network Based Indicator feeds that can be automatically ingested and operationalized within security stacks to block and detect malicious activity from malware.

YARA Rules and Intrusion Detection Systems (IDS)

YARA Rules and IDS Signatures to accurately identify the identification and detection of malware families, malicious network traffic and improve detection systems.

Malware and Botnet Configuration Information

Malware and Botnet Configuration Information providing decoded, decrypted and/or parsed configuration information enabling insight on specific targets of banking trojans, spam campaigns or other secondary malware payloads.

In-depth Monitoring of Command and Control (c2) Servers

In-depth monitoring of Command and Control (C&C) servers to capture commands and updates initiated by threat actors to include secondary payloads, plugins, modules and anything delivered to the bot from the adversary. All data is available for download for local processing and analysis.

PREVENTATIVE ACTION

MOBILE MALWARE

Mobile Malware, a key feature of our Malware Intelligence product tracks the top tier families focused on systems access, information stealing and financial fraud to allow you to detect and prevent account takeover, two factor authentication (2FA) bypass, fraud and data leakage from employees or customers.

Build a comprehensive picture of the Android malware landscape by combining in-depth analysis and tracking of mobile malware families and instances with tracking of the actors behind the development, sale and use of mobile malware across the underground.

Ask an Expert

Featured Resource
Intel 471 Logo 2024

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.