Integration Spotlight: ReversingLabs

Integration Spotlight: ReversingLabs

Hunt malware faster and improve signature development with ReversingLabs and Recorded Future.

Table of Contents


Product Overview

ReversingLabs industry-leading solutions provide enterprises unparalleled visibility of unknown files to neutralize breaches earlier in the attack chain. Its unique File Decomposition technology enables customers to address breaches faster to limit impact to business continuity and reputation, enhance response to threats, and strengthen defenses through better clarity.

Challenges Overcome Through Integration

Organizations are being attacked by skilled and well-resourced adversaries who rapidly morph their techniques to hide their intent and actions. Often, known malicious payloads are reused with slight modifications to bypass even the best AV and dynamic analysis tools. Attackers will continue to evolve, enhance, and increase attack frequency to evade existing protections.


Integration Description

ReversingLabs’ automated static analysis engine recognizes over 3,500 file formats and contains support for 350 unpackers that malware authors use to obfuscate executables. The support for more file formats and unpackers continues to grow with each release of the analysis engine.

ReversingLabs File Reputation and Automated Static Analysis, integrated with Recorded Future’s Intel Cards, enables organizations to fully investigate suspicious file hashes and empowers initial response, remediation, and future preparedness.

The Recorded Future integration highlights one aspect of the full set of ReversingLabs solutions that focus on continuous incident and breach response to drive custom rule enforcement: take organizational context-specific information, investigate it, and use it to tune the defenses and recover from breaches faster.

In the current integration, when Recorded Future discovers “interesting” file-related content: hashes, IP domain names, URLs, etc., the Intel Cards display high-level information about the threat from ReversingLabs File Reputation Repository including:

  • Threat name
  • Malware family name
  • File reputation status (malicious, suspicious, known, unknown)
  • File hashes
  • Threat level
  • Sample source trust level
  • First-seen and last-seen date
  • AV detections including regular updates and historical perspective
  • Scanner details with a link to advanced threat analysis inside the ReversingLabs A1000 Malware Analysis Platform