
When investigating a specific malware campaign (e.g. one of its regional flavors), the set of seemingly different samples involved may be large, but the actual infrastructure dropping the next-stage malware usually is not. If you have a large database of recent malware, our new context/similarity search makes it much easier to quickly assess the scope of a campaign and download its network connections in bulk. That data can then be used to cross-check your corporate network and/or update your firewalls/defenses.
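The bulk cross-check described above, as an added example that is not part of the original article or the Hybrid Analysis tooling: it assumes a constructed list of per-sample network connections (the field names are an assumption, not the sandbox export format) and constructed proxy log lines, collapses the samples onto their shared infrastructure, and flags internal clients that reached it.

```python
import re
from collections import defaultdict

# Constructed stand-in for network connections exported in bulk from a similarity
# search. Field names and sample ids are placeholders, not the real export format.
REPORTS = [
    {"sha256": "SAMPLE_A", "hosts": ["198.51.100.23:443"], "domains": ["update-cdn.example"]},
    {"sha256": "SAMPLE_B", "hosts": ["198.51.100.23:443"], "domains": ["update-cdn.example"]},
    {"sha256": "SAMPLE_C", "hosts": ["203.0.113.77:80"], "domains": ["update-cdn.example"]},
    {"sha256": "SAMPLE_D", "hosts": ["198.51.100.23:443"], "domains": []},
]

# Constructed proxy log lines: client ip, method, target.
PROXY_LOG = """\
10.0.4.17 GET http://update-cdn.example/stage2.bin
10.0.9.3 GET http://intranet.corp.local/index.html
10.0.4.22 CONNECT 203.0.113.77:80
"""

def aggregate_infrastructure(reports):
    """Map each host/domain to the set of samples that contacted it."""
    seen = defaultdict(set)
    for r in reports:
        for ioc in r["hosts"] + r["domains"]:
            seen[ioc.lower()].add(r["sha256"])
    return dict(seen)

def ranked_indicators(reports, min_samples=2):
    """Indicators shared by at least min_samples samples, most-shared first.
    Many distinct samples collapsing onto a few indicators is the campaign's
    real dropper infrastructure."""
    agg = aggregate_infrastructure(reports)
    shared = [(ioc, len(s)) for ioc, s in agg.items() if len(s) >= min_samples]
    return sorted(shared, key=lambda t: (-t[1], t[0]))

def cross_reference(reports, log_text):
    """Return (client_ip, indicator) pairs for log lines touching campaign infrastructure."""
    indicators = set(aggregate_infrastructure(reports))
    hits = []
    for line in log_text.splitlines():
        client, _method, target = line.split(maxsplit=2)
        # Strip the scheme and path; compare both host:port and bare host.
        hostport = re.sub(r"^[a-z]+://", "", target).split("/", 1)[0]
        host = hostport.split(":", 1)[0]
        for candidate in (hostport.lower(), host.lower()):
            if candidate in indicators:
                hits.append((client, candidate))
                break
    return hits
```

Call ranked_indicators(REPORTS) to see which few indicators the samples share, and cross_reference(REPORTS, PROXY_LOG) to list internal clients that contacted them.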

Step-by-step guide

Let us start out with a recent financial malware campaign (note: to follow the steps, please log in with your user account) that was imitating a financial group: https://www.hybrid-analysis.com/sample/e1b31fa2c0fb0744d449042298003c4d5471b86445267c8b953eccf58ab3cfae?environmentId=100

...

Info

The more malware you share with the community at either https://www.hybrid-analysis.com/ or https://www.reverse.it/, the better we will be able to give back relevant data to the community. If you have any feature requests/comments or recommendations, drop us a line at support@payload-security.com or https://twitter.com/payloadsecurity
