
GENETIC MALWARE ANALYSIS

As a CISO, I am constantly looking for innovative security technologies like Intezer that go beyond standard tools. Its technology provides an unparalleled visibility of every piece of code running in the network. Intezer’s leading technology and its talented team of cybersecurity experts is the type of solution our security team needs to deal with advanced threats.

CISO, Large Telecom Company

SOFTWARE IS EVOLUTIONARY

Genetic Malware Analysis is based on the evolutionary principle that all software, whether legitimate or malicious, is composed of previously written code. Malware authors leverage code reuse when employing new campaigns. For defenders, this

sophistication and threat actor capabilities.

IDENTIFYING PATTERNS IN CODE REUSE

genome database containing billions of genes from trusted and malicious software. Think the Google of binary code. Detecting

their relevant malware families.

WHY INTEZER?

Identify the origin of every piece of code, within seconds.

Highlight unique, never-before-seen code, crucial for detecting new threats that have been written from scratch.

Better tailor your response by understanding what type of threat you are dealing with. For example, a generic malware,

agencies, including APT28, MirageFox, NotPetya and WannaCry.

GENETIC MALWARE ANALYSIS FOR THREAT INTELLIGENCE

Intezer provides true threat intelligence as opposed to the threat data that most other solutions mischaracterize as intelligence. In my absence, Intezer provides other members of the team an easy-to-use safety net for unknown binaries. The solution is simple to operate and immediately provides answers without requiring an in-depth understanding of malware analysis. For more experienced analysts, Intezer allows for the rapid dismissal or elevation of suspect files coupled with attribution data that simply isn’t present with the same fidelity in other threat intelligence products. —IT Security Analyst, Global Manufacturing Company

Powered by Genetic Malware Analysis technology, Intezer Analyze™ provides automated malware analysis. By identifying code reuse to previously seen malware, Intezer Analyze™ is quickly able to identify the origins of any malicious file—providing cybersecurity teams with critical insights for enriching threat intelligence and proactively hunting for new cyber threats targeting their organization.

ENRICH EXISTING THREAT INTELLIGENCE

Within seconds, Intezer Analyze™ automatically provides reverse engineering level insights into any suspicious file or hash that requires investigation, including:

Malware Family Classification: Understanding if a threat is a generic malware, ransomware, or a nation-state sponsored attack, for example, helps cybersecurity teams better assess the intent and sophistication level of the malware.

Attribution: Genetic Malware Analysis has attributed APTs with connections to nation-state actors, including APT3, MirageFox, and NotPetya. Intezer was the first company to attribute the WannaCry ransomware attack to North Korea in 2017, before leading engines and government agencies.

Relevant Strings: Detect genetically similar strings and text segments that were seen in other malware samples, such as URLs, IP addresses, comments, and more. This provides threat intelligence analysts with additional context for their investigations, and can help to extract critical IOCs.


File Analysis Endpoint Analysis Reverse Engineering Tools


USE CASES

OBTAIN CLEAR ANSWERS ABOUT ANY SUSPICIOUS FILE

Does it contain unique or malicious code?

Is the threat similar to a previously handled incident?

How should I tailor my response?

a simple API, functioning as a plug-and-play solution for your incident response team and daily cybersecurity monitoring. Use this powerful analysis through an intuitive GUI, automatic API, or in many integrations to other security products such as SIEM and SOAR systems.

Powerful Threat Intelligence

Improve SOC & Accelerate IR

Enable Protection

• Automate malware analysis

• Classify threats automatically, within seconds

• Reduce false positives

• Memory Analysis: Analyze entire memory dumps, process dumps, or fileless code dumped from memory

• Enrich existing threat intelligence

• Attribution

• Accelerate reverse engineering

• Automatically generate YARA rules to improve hunting capabilities

• Integrate with existing security solutions (gateways or endpoints) to improve malware detection systems or processes

• Detect malware and sophisticated APTs where other methods fail

Immediate registration

Detect code reuse in trusted and malicious software

Obtain new insights about malware families and threat actors

API. Create automation scripts and produce plugins with other security systems

JOIN OUR COMMUNITY.

For more information, visit www.intezer.com or follow us on Twitter at @IntezerLabs.

TRY IT NOW FOR FREE.

FEATURES AND BENEFITS

Optimize resources with classified threats

Reduce the time to remediation

Uncover hidden in-memory attacks

Seamless integration with security processes

Strengthen existing prevention and deterrence using genetic code-based vaccines against any future threat that uses similar code

ADVANCED THREAT HUNTING

Threat hunting is a proactive technique that can be used to find new or previously unknown malware. String-based YARA signatures are easy to evade, because adversaries can manipulate, replace or encrypt the strings those signatures match. Code-based YARA signatures, on the other hand, are the most effective for detecting variants of malware that reuse even the smallest fragments of malicious code.

Generate Advanced YARA Signatures. Once Intezer Analyze™ has detected a file as malicious, users can quickly generate and export an advanced YARA signature, based on the malware’s malicious and unique code only. These advanced signatures can be used to proactively hunt for new threats in the following scenarios:

1) Scan for Infected Endpoints within your Network. Using Intezer Analyze’s code-based YARA signatures, scan your organization’s endpoints to identify infected machines.

2) Hunt for Additional Samples. Threat intelligence teams can upload code-based YARA signatures to other systems—for example, VirusTotal Hunting—in order to proactively hunt for new samples. Since Intezer’s YARA signatures are based on a sample’s malicious and unique code only—and not trusted code from shared or embedded libraries—the signatures will generate more accurate hits.

Related Samples. For every malware family, Intezer Analyze™ provides related variants, in order to enrich the user with additional malware samples that may be targeting their organization.

In the example below, a suspicious file hash is uploaded to Intezer Analyze. Intezer Analyze provides a malicious verdict and classifies the malware as a variant of Lazarus. After clicking on the Lazarus family, the user is enriched with over 70 additional Lazarus samples!

Figure callouts (the screenshot itself is not reproduced):

1) Intezer Analyze™ detects an unknown file as malicious.

2) Classifies the malware as a variant of Lazarus, based on code reuse and similarities seen in previously seen Lazarus malware.

3) Click on the vaccine icon to quickly and easily export a code-based YARA signature, based on the malicious and unique genes found only in this sample.

4) Proactively hunt for new Lazarus malware, and search for infections in the network, based on the malicious and unique code described in step 3.

About Intezer

Intezer introduces a Genetic Malware Analysis technology, offering enterprises automated malware analysis for improving their security operations and accelerating incident response. Intezer’s platform provides a fast, in-depth understanding of any device or file by mapping its code DNA at the ‘gene’ level. By identifying the origins of every single piece of code within seconds, Intezer can quickly detect code reuse to known malware, as well as code that was seen in trusted applications. For more information, visit www.intezer.com