We’ve been busy working on many enhancements which we will be releasing later this week. While we are doing that, we thought it would be good to blog about a tool we have written to help Threat Researchers improve the way they handle infections when hunting for malware.
Deepviz isn’t just a platform for malware analysis, nor is it just a huge database of threat intelligence data – we wanted to design it to be as flexible as possible.
- Do you want to check whether the file you downloaded is a known malicious file? Deepviz Malware Analyzer with our automatic classifier will provide you with the correct answer.
- Are you a malware researcher and do you want to better understand how a file is going to behave on your system? Deepviz Malware Analyzer will provide you with the exact behavior so that you can review it and decide for yourself.
- Are you a malware researcher and/or an IT security company interested in more details regarding some indicators you might have collected from a security incident (e.g. hashes, web domains, IPs, suspicious strings and so on…)? Deepviz Threat Intelligence platform is there for you, with many different features like the ability to find similar samples, clusters of malware families connecting to specific domains and tons of other brilliant features we will show you in the next blog posts.
- Are you a bigger IT security company and/or ISP, or anybody else interested in integrating our platform? We provide you with a flexible set of RESTful APIs you can easily implement and use.
However – following our past experience as malware researchers – we know that there is one specific part of malware research which is absolutely painful: doing live malware research sessions and keeping track of what you have done and what samples have been dropped on your lab environment, analyzing each one of them and preparing your research results.
So, while designing Deepviz, we thought that it could easily become a wonderful tool for addressing this problem and making your research sessions much easier and more straightforward, allowing you to not lose focus on your main goal.
That’s what Deepviz Threat Research Manager is about!
Threat Research Manager is an awesome free tool that will record your research sessions, capture all the dropped files and automatically upload them to our Deepviz Malware Analyzer, ready to be processed and classified. Once your research session has ended, you will find all your analyzed samples in your account panel, along with the completed analysis ready to be reviewed by you.
With Threat Research Manager you can create as many sessions as you want, rename them with something which will remind you about the session’s goal, delete old sessions, suspend them, etc.
There might be cases when you are doing your malware research session and you want to pause it because you need to start another unrelated research on a new sample. You can put the first session on hold, start a new session, then restore the previous one when you’re done and simply go ahead with the previous session.
Here is a short video showing you how to use Deepviz Threat Research Manager.
We hope you’ll enjoy it and we would love to hear your feedback, to improve the tool and make it as useful as possible!