“Finding the Right Solution for OSINT and Investigations”

Join deep dive: Tue, Nov 12, 18:00 CET

Intezer Analyze

By Intezer
Automate end-to-end malware investigations with genetic malware analysis.
# Malware # TTPs # Cybercrime # Incident Response
Intezer integration for Maltego

Intezer Analyze Transforms for Maltego

Intezer Analyze is an all-in-one malware analysis platform, helping incident response and SOC teams streamline the investigation of any malware-related incident. With the Intezer Transforms, malware investigators and threat analysts can get answers quickly about any suspicious file or endpoint, classify suspicious files and machines in seconds, accelerate response time, and consolidate multiple malware analysis tools into one.

Intezer’s integration with Maltego provides a unique layer of the relation between different files that share the same DNA. The combination of Intezer’s malware classification and Maltego’s visualization allows threat intelligence teams to streamline their malware analysis process.

Intezer uses both static and dynamic sandbox execution for code extraction, together with other artifacts such as network IoCs, which is available in Intezer’s Maltego integration as well.

With Intezer Transforms, investigators can optimize cyber malware analysis process by:

  • Getting a malware classification based on malware family resolution.
  • Finding related files based on code reuse.
  • Extracting dynamic IoCs such as dropped executables and network behavior

Intezer use case in Maltego

Typical Users of Intezer Data

  • Threat Intelligence Teams
  • Malware Research Teams
  • Incident Response Teams
  • SOC Teams
  • CERTs

Integration Benefits

Identify Malware Ancestry

Find relations between different files and software by breaking down the code and comparing their DNA with all previously seen code, both legitimate and malicious.

Visualize Actionable Malware IOCs

Intezer uses both static and dynamic sandbox execution for code extraction, together with other data such as network IoCs. The combination of Intezer’s malware classification and Maltego’s visualization allows Threat Intelligence teams to streamline their malware analysis process reducing false positives and duplicate alerts.

Enrich Existing Threat Intelligence and Attribution

Gain comprehensive perspective in investigations by combining disparate data sources. Pivot off from or to Intezer data sets from other data entities and sources available on the Maltego Transform Hub.

Leverage Intezer Analyze Data for

Detecting, Identifying and Analyzing Cyber Threats through Malware and Threat Actor Classification

Binary code reuse is ubiquitous in almost every Malware Family. Intezer classifies malware by breaking down the DNA of files and tracing them to their origins. This helps detect new threats or threat variants which may have used even small bits of the earlier code. Threat Intelligence and Security teams can then prioritize and properly respond to incidents based on risk and severity.
Read more

Resources

Articles

Investigator Toolkit June 2023: Cheat Sheets for Faster and Spot-on Workflows

Webinar | Using Generic Malware Analysis to Investigate Fancy Bear and Other Malware

Solution Brief

Intezer Solution in Maltego

Technical Docs

Technical Documentation for Intezer Analyze Transforms

Contact

Reach out to us to learn more about this data integration and how to access it.
By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About Intezer

Intezer has created the world’s first cyber immune system against malicious code. The company detects mutations of any threat seen in history by recognizing even the slightest amount of code reuse. Intezer’s all-in-one malware analysis platform enables you to: scan files, scan endpoints and memory dumps, and get fast verdicts as to malware family, TTPs, IoCs and more.

For more information, visit: https://www.intezer.com