Malware Cards

Malware Intelligence Cards (aka Malware Cards) provide an on-demand summary of essential information related to a specific Malware, and are updated in real time as Recorded Future collects new information. You can use Malware Cards as a starting point when assessing whether this Malware poses a specific risk to your organization, and further can be used in identify associated indicators of compromise. Malware Cards are also pivot points during investigations that start with another indicator, a vulnerability, or a threat actor.

Descriptions of several common components of the Malware Card are found in the Overview of Intelligence Cards; the details below are specific to the Malware Card:


The Malware Card header include known synonyms for the Malware family.  Along with the usual reference counts and first/last seen dates, the header also includes Malware Category information:



Malware Cards may show two timelines. The first timeline, colored in blue, summarizes all reported events involving this entity in the last 60 days. The second timeline summarizes reported Cyber Attack and Cyber Exploit events specifically. Each day in the cyber event timeline is color coded by the criticality of the Cyber Threat signal for this entity on that date.


Related Email Addresses

In addition to the standard related entity lists, Malware cards also offer a list of related Email Address entities. This can be valuable in identifying online personas related to the malware too.