Malware Intelligence is focused on providing a high-fidelity, timely indicator feed with rich context, TTP information and malware intelligence reports. It is built to be operationalized easily out of the box within a customer's environment and is accessible via an online portal, a RESTful API and third-party integrations.
The product is focused on helping our customers block, and understand, the latest crimeware campaigns. It is for those who value timeliness and confidence (little to no false positives) and who seek rich context and insight around the attacks they are seeing.
Intel 471 leverages our best-of-breed access to top-tier cybercriminals, including malware developers, to obtain early access to the latest malware before large-scale impact has occurred. We then proactively monitor the infrastructure used by cybercriminals so that, as soon as a criminal carries out a new attack, blocking rules are implemented within our customers' environments.
Intel 471's Malware Intelligence product is much more than an indicator feed; its features include:
- Malware intelligence reports
- YARA rules
- IDS signatures
- TTP information
- Malware and botnet configuration information including web injects
- Malware command and control (C&C) commands
- File and network-based indicators
- Everything mapped to MITRE's ATT&CK framework
Malware Intelligence can be used to support threat and malware detection, incident response, threat hunting and threat intelligence use cases within SOCs, security teams and incident response teams.
Current third-party integrations supported are Anomali ThreatStream, TruSTAR, MISP and Splunk, although this list will grow rapidly based on customer feedback.