Hashes or it Didn't Happen

Analyst

Hashes or it Didn’t Happen

May 03, 2016

By Steve Ginty

If you've been in the trenches of cyber security research, you may be familiar with the phrase, hashes or it didnt happen. Its a testament to the importance of having malware when conducting an investigation and its something PassiveTotal has historically lacked inside the platform. Our focus has always been to provide the most comprehensive infrastructure solution while working with companies dedicated to the processing malware to fill our gaps. Starting today, we are happy to announce that Proofpoint Emerging Threats data will be available to all users within PassiveTotal.

Emerging Threats is a household name in the cyber security community and has been processing malicious samples in their sandboxes for years. Partnering with them lets us connect those millions of samples with command and control data directly to the infrastructure being queried inside of PassiveTotal. In short, you will notice the Potential Malware tab showing up a lot more in your search results with a lot more malware leads.

Fortunately for us and our community, Emerging Threats also kept the resolution data with timestamps when they ran the samples, so in a way, they created a very specific historic DNS database. Weve taken this data and wrapped it up inside a module to create a new source of passive DNS appropriately labeled emerging_threats. Similar to our other sources of passive DNS, this will show up when running queries and should provide even more research leads.

How do I get this data?

Easy, just run queries like you normally would. When we pushed the Emerging Threats module out to the production servers, we also modified the allowed sources for each account to include Emerging Threats. This source will now be on by default for all new and existing accounts, but can easily be toggled off from within the API associations settings in your account.

In order to access the malware data, you will need to run a query that hits in the Emerging Threats database. If data is found, we will populate the Potential Malware tab with the source of data and the hash. In order to view the details of the file and respective sandbox run, you will need access to Proofpoints threat intelligence portal, but at the very least, its a good lead in knowing some malware exists.

Hashes for All

Running sandboxes at scale and processing a near infinite amount of samples was not something we wanted to focus on because we saw a rich selection of open source, commercial and private repositories that the community was accessing. Emerging Threats is certainly one of the leaders in our industry and we couldnt be happier to be working with them. If you have any questions or comments related to this new set of data, please reach out to feedback@passivetotal.org.

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event