Threat Intelligence

Malware is any software that does something that causes damage to the user, computer, or network—such as viruses, Trojan horses, worms, root kits, and spyware.

Malware analysis involves two key techniques: static analysis and dynamic analysis.

1. Static analysis examines malware without actually running it.

Log collection is the heart and soul of a SIEM, OBELUS collects and stores log files from operating systems and applications, across various hosts and systems. OBELUS Platform is designed to scale without difficulty or costs providing secure data storage at a reasonable price. This helps you in long-term storage, analysis, manipulation, and reporting on logs and security records.

2. Dynamic analysis executes malware in a controlled and monitored environment to observe its behaviour.

Basic dynamic analysis actually runs malware on to a sandbox environment and observes its behavior, understand its functionality and technical indicators which can be used in detection signatures. Technical indicators gather or discovered with dynamic analysis contains domain names, IP addresses, file path, registry keys value, additional files on network, file droppers or CNC communications.

Our Actionable Threat Intelligence Feed based on the malicious activities helps our clients to proactively Prevent, Detect and Mitigate cyber threats. File Reputation Threat Feed

These kinds of feeds gives user detail report indicator of compromise and their key attributes base on the threat analysis conducted on malicious file. The checks are performed on some Executable Files few listed below.

  • .DOC, .DOCX, .DOCM and Other Microsoft Office Files.
  • .JS and .JAR Files.
  • .VBS and .VB Script Files.
  • .PDF Adobe Reader Files.
  • .SFX Archive Files.
  • .BAT Batch Files.
  • .DLL Files.

Helps our client organizations to combine, correlate, and analyze threat data from multiple sources in real time to support defensive actions. An Organization can gain a better advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks.

THREAT INTELLIGENCE SERVICES

Web Reputation Feed

Our Web Reputation feed provides user indicator of compromise and their key attributes based on the URLs/Domain that has or contain maliciously bad reputation.

Custom Threat Intelligence Advisories:

This option provides user to analyze to gather threat intelligence with respect to particular domain such as banking or healthcare industry. These details are shared with requested client as threat advisories.

In-house Malware Sandbox Environment:

With in-house Malware Sandbox Environment allow our Security Analyst to investigate suspicious files and gather intelligence and share with client with actionable recommendations.