MalNet Maltego Transforms with ProofPoint Data

MalNet accesses the Proofpoint ET Intelligence™ comprehensive database, which contains current and historical malicious IP addresses and domains. In this blog post we share screenshots of Maltego 4 and a quick YouTube video. In this example, we cover 15 domains related to GozNym campaigns that operated in April 2016.
MalNet with GozNym
In the screenshots below, we cover the malware associated with the domains, identifying related malware, IP addresses, associated domains and IDS signatures related to traffic generated by the malware.
[Screenshots: Starting with a Hash; Get DNS Lookups; Acquire Related]

ShadowDragon Screenshots with Maltego M4 Release

The latest version of Maltego, "M4" from Paterva, was released earlier this morning. As the first commercial transform provider since Maltego was launched, we have been playing with it for a few weeks. We have enjoyed every minute of testing our transforms, looking at larger datasets and the like. Below are a few screenshots of our flagship product SocialNet, integrated with the new Maltego M4 release. If you haven't seen the video from Maltego, please go check it out now.
[Screenshots: Email Correlations; Acquiring Deeper Information; Mapping Deeper Relationships; Identifying Core Locations; Visualizing Deeper Connections]
Contact the staff at ShadowDragon

Tracking GozNym Campaigns with MalNet

In 2007, Don Jackson, while at SecureWorks, wrote about the Gozi Trojan, sharing details on the modularization and monetization strategies used by this family of malware. More recently (04/04/16), Limor Kessem from IBM also provided some interesting background on Gozi and Nymaim. Correlating the different indicators and samples, we were able to observe that different recent campaigns started on the 14th of April, with the following campaign dates of interest:
2016-04-04 (The outlier in our samples appears to be 04/04/16)
2016-04-14
2016-04-15
2016-04-16
2016-04-17
2016-04-18
2016-04-19
Looking at the sample submission dates and

Demonstration: Tracking Malware Campaigns and Domains Using MalNet

MalNet brings together the industry's most up-to-date and extensive threat information from Proofpoint with Maltego link analysis capabilities from ShadowDragon. MalNet enables threat analysts and researchers to identify and visualize malware connections in just minutes to expedite investigations and response. In this short 4-minute video we demonstrate how MalNet enables analysts to track malware campaigns and domains. Starting with just a malware artifact, we'll show you how you can identify new domains, IP addresses and additional malware all related to this original artifact.
Technical Audiences
In this example we start off with the