Malware
Malware is malicious software, and it's what Threat Actors use to break into their target systems. Malware can be ransomware, infostealers, keyloggers, spyware, backdoors, RATs, et cetera.
Tracking malware is useful, because it allows you to proactively monitor for developments and subsequently defend against them. If, for example, a certain malware exploits a vulnerability in one of your assets, that's definitely something you want to be aware of, track and mitigate.
It also helps you create custom descriptions with recommendations on those malware families, so you know exactly how each one applies to you and what to do about it.
There are a few really easy ways to create (and with that, track) malware in Liberty91.
Go to the in the sidebar (go there now with this link)
Scroll down to 'Malware'
Type in the name of the Malware family you want to create, click on 'create'
Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware
Don't forget to tune its
The top-left card is green, and shows a plus-sign. Type in the name of your new malware card and click 'create'.
Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware family
Sometimes, Liberty91 will suggest new Threat Actors, Malware or Vulnerabilities for your Threat Library. These are based on events in your dashboards. When you see one that you'd like to keep tracking, just click on it and Liberty91 will collect the relevant reporting and generate a relevant and accurate description for you.
Find the 'Suggested Malware' in an Event Card. They are on the side, under the Analysis and the Threat Library Links that already exist.
Click on the Malware family you want to create a card for and track
Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware Card
Because every security company uses a different naming convention, they often use different names for the same Threat Actor. For example: 'Sandworm' is the same team as 'APT44'. Although far less common, the same can be true for malware. You don't want to create separate Malware cards for the same piece of code, so this is where 'aliases' come in handy. Just create an alias for an existing malware card and Liberty91 will capture all mentions under the same Threat Card in your Library.
A malware card has the exact same information on it as a Threat Actor Card.
Go to 'Malware' under your Threat Library in the . You may have to scroll down a bit.
Don't forget to tune its
Click here: to find a very thorough description.