We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying current on emerging malware families, check out the latest features below.
Part of an effective threat intel program involves staying current on malware families such as Lazarus, Emotet, and TrickBot. Click Track this threat for any malware family to get updates on new samples spotted in the wild through code reuse.
See trending malware families and top community uploads on the home page. Despite a major takedown attempt from Microsoft, TrickBot remains an active threat. Here is a recent low-detected TrickBot sample that shares 80% of its code with previous versions.
Classifying your SHA256, MD5 or SHA1 is just a right-click away! The Chrome extension for Intezer Analyze streamlines the Search Hash process allowing you to identify threats faster with a simple click from any Chrome webpage.
If you come across IOCs when reading a blog you can quickly submit them for Genetic Analysis to see what code they copied from previous malware. You can also try running low-detected or generic files from VirusTotal with Intezer Analyze to get an exact classification. We’ll tell you if the threat is Emotet rather than just Trojan.Generic.
1. Add the Chrome Extension for Intezer Analyze.
2. Highlight a hash on any Chrome webpage.
3. Right-click and select “Analyze with Intezer” or paste the hash in the extension.
Our Genome Database is updated daily with the latest code from trusted applications and malware. New code introduced to the system from our community users and data team keeps you current with rapidly evolving threats.
We are now providing a weekly summary to notify you of changes in classifications since their initial analysis. In the case where a previously unknown malware is identified, or a general malware is classified to a specific malware family, this can prove valuable.
Malicious genes that don’t belong to a specific family are now classified as Malicious Library. This label reorganizes the analysis reports and makes prioritizing your response to threats easier.
We welcome your feedback on these features!
Community users can classify up to 10 files daily for free. For more advanced features, check out our enterprise plans.
