Intezer Analyze Transforms for Maltego

Written by Intezer


    We are happy to introduce the Intezer Analyze plugin for Maltego, which combines insights from our malware analysis platform with Maltego’s graphical tool (and you know we love graphs).

    Maltego is a graphical intelligence tool based on open-source intelligence and forensics data. It enriches data by making connections between different entities such as files, network infrastructure, accounts and more. Data linking is done using ‘Transforms’: pieces of code that take an entity as input and return related information as output, for example a transform that connects a URL (input) to an IP address (output).

    On Maltego’s Transform Hub you can find the plugins of many different intelligence and analysis vendors, now including Intezer!

    Intezer Analyze Plugin

    Intezer Analyze is a complete malware analysis tool. Gain immediate context about any malware-related artifact, including: verdict, malware family, related samples, TTPs, network IoCs and more.

    The plugin can be found under the Transform Hub.


     The following transforms are available in the plugin:

    Transform Name                   | Input Entity | Description
    -------------------------------- | ------------ | --------------------------------------------------
    To Dropped File Hashes [Intezer] | maltego.Hash | Gets the files dropped by the input entity.
    To Malware Family [Intezer]      | maltego.Hash | Gets the file’s malware family name.
    To Tags [Intezer]                | maltego.Hash | Gets the file’s technical characteristics (tags).
    To IoCs [Intezer]                | maltego.Hash | Gets the file’s network IoCs.
    To Related File Hashes [Intezer] | maltego.Hash | Gets files that share code with the input entity.
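As an added illustration of the transform model these entries follow (a maltego.Hash in, related entities out), here is a small Python local transform that emits the standard Maltego transform response XML. This is example code, not the Intezer plugin: the lookup table is constructed sample data standing in for the Intezer Analyze query, the real API call is an assumption left out, and the input check rejects anything that is not an MD5, SHA-1 or SHA-256 digest before any lookup happens.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample data standing in for an Intezer Analyze lookup; not real results.
SAMPLE_RESULTS = {
    "a" * 64: {"family": "Sofacy", "tags": ["packed", "persistence"],
               "iocs": ["203.0.113.10", "c2.example.invalid"]},
}
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)  # MD5/SHA-1/SHA-256

def classify_ioc(ioc):
    """IPv4 addresses map to maltego.IPv4Address, anything else to maltego.Domain (IPv6 not handled)."""
    try:
        ipaddress.IPv4Address(ioc)
        return "maltego.IPv4Address"
    except ValueError:
        return "maltego.Domain"

def build_response(entities, errors=()):
    """Serialise (entity_type, value) pairs as a Maltego transform response message."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for entity_type, value in entities:
        ent = ET.SubElement(ents, "Entity", Type=entity_type)
        ET.SubElement(ent, "Value").text = value  # ElementTree escapes XML special characters
        ET.SubElement(ent, "Weight").text = "100"
    ui = ET.SubElement(resp, "UIMessages")
    for msg in errors:  # surfaced in the Maltego client instead of silently returning nothing
        ET.SubElement(ui, "UIMessage", MessageType="PartialError").text = msg
    return ET.tostring(root, encoding="unicode")

def run_transform(name, input_hash):
    """Run one of the hash-input transforms listed above; rejects malformed input first."""
    if not HASH_RE.match(input_hash):
        return build_response([], ["Input is not an MD5, SHA-1 or SHA-256 hash"])
    handlers = {
        "To Malware Family": lambda r: [("maltego.Phrase", r["family"])] if r.get("family") else [],
        "To Tags": lambda r: [("maltego.Phrase", t) for t in r.get("tags", [])],
        "To IoCs": lambda r: [(classify_ioc(i), i) for i in r.get("iocs", [])],
    }
    if name not in handlers:
        return build_response([], [f"Unknown transform: {name}"])
    return build_response(handlers[name](SAMPLE_RESULTS.get(input_hash.lower(), {})))

def entities_of(xml_text):
    """Parse a response back into (type, value) pairs, as the Maltego client would."""
    return [(e.get("Type"), e.findtext("Value")) for e in ET.fromstring(xml_text).iter("Entity")]
```

A real plugin would replace the SAMPLE_RESULTS lookup with an authenticated call to the analysis platform, keeping the hash validation and the error-message path as they are.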

    Take a look at the analysis of Sofacy in Intezer Analyze. You are provided with immediate malware classification, network IoCs, tags and dropped executables for the sample. This information is useful for researchers, IR, SOC and threat intelligence teams, and doesn’t require sifting through long, complicated sandbox reports to get the bottom line.


    The graph below shows the output after running all of Intezer’s transforms on this file.


    Key components of the Intezer Analyze GUI that the plugin exposes include network IoCs, classification, tags, other files that share code, and the dropped executable.

    All You Need is an API Key

    Start using the plugin with your Intezer Analyze API key. To get an API key, sign up for free.

    Next, register to Maltego and download their software.

    If you do not have an API key, you will be able to run up to 15 transforms.

    Go ahead and give the plugin a spin!

    Intezer Analyze users can start by analyzing and classifying 50 files per month.
