Hey there! I’m excited to share with you the awesome new collaboration between Intezer Analyze™ and IBM Resilient. This integration allows users of both platforms to enhance their incident response with exclusive insights from Genetic Malware Analysis technology, such as code and string reuse, malware family categorization, and threat actor attribution.
By leveraging this integration, incident responders can effectively minimize false positives and rapidly identify and address a wider array of cyber threats on a larger scale.
Here are some of the benefits:
- Automatically analyze suspicious files linked to an incident using Genetic Malware Analysis
- Decrease the occurrence of false positives
- Enhance malicious verdicts with distinctive context like malware classification to evaluate the intent and complexity of threats, enabling better prioritization and customization of responses
- Drastically reduce investigation and response time
Here’s how it works:
In the example below, an analysis conducted by Intezer Analyze identified a malicious file as a variant of Leviathan, also known as TEMP.Periscope. Leviathan is a cyber espionage group with alleged Chinese origins that has targeted various organizations worldwide since 2014. This threat spreads through spear phishing campaigns, including vulnerable Microsoft Word and Excel documents. The analysis showed a strong connection to Leviathan based on code and string reuse, as well as the presence of two Mimikatz genes, suggesting potential use of the popular credential stealer.

Incorrectly responding to an incident can have serious consequences, which is why malware classification is crucial for security teams to tailor their response effectively. Understanding the context of a threat is vital in determining its intent and sophistication level, and it guides the appropriate response strategy.
Enterprise users of IBM Resilient and Intezer Analyze can generate automatic code-based YARA signatures to assess the attack’s scale, detect future malware variants, and identify new forms of malware reusing similar code portions.
You can access this integration through the IBM Resilient App Exchange. For more details, visit here or reach out to partners@intezer.com. Remember, you need to be logged in to view the full integration details.
Feel free to explore more insights on malware analysis and cybersecurity on our blog. And don’t forget to check out our other posts, like “HiddenWasp and the Emergence of Linux-based Threats” and “Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More.”
Stay secure and informed!
- Chen Shafir
Manager, Intezer Partner Network