search

Malware

hashtag
What is a malware card?

Malware is malicious software and it's what Threat Actors use to break into their target systems. Malware can be ransome, infostealers, keyloggers, spyware, backdoors, RATs, et cetera.

Tracking malware is useful, because it allows you to proactively monitor for developments and subsequently defend against them. If, for example, a certain malware exploits a vulnerability in one of your assets, that's definitely something you want to be aware of, track and mitigate.

It also helps you create custom descriptions with recommendations on those malware families, so you know exactly how it applies to you and what to do about it.

hashtag
How to create a malware card

There are a few really easy ways to create (and with that, track) malware in Liberty91.

hashtag
Creating Malware cards in the sidebar

  1. Go to the Workbencharrow-up-right in the sidebar (go there now with this linkarrow-up-right)

  2. Scroll down to 'Malware'

  3. Type in the name of the Malware family you want to create, click on 'create'

  4. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware

  5. Don't forget to tune its criticality

Creating Malware cards in the Workbench is easy

hashtag
Creating a Threat Actor in the Malware Overview

  1. Go to 'Malware' under your Threat Library in the sidebararrow-up-right. You may have to scroll down a bit.

  2. The top-left card is green, and shows a plus-sign. Type in the name of your new malware card and click 'create'.

  3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware family

  4. Don't forget to tune its criticality

create a new malware card in the green card in the top-let

hashtag
Creating a Malware Card based on a Suggestion

Sometimes, Liberty91 will suggest new Threat Actors, Malware of Vulnerabilities for in your Threat Library. These are based on events in your dashboards. When you see one that you'd like to keep tracking, just click on it and Liberty91 will collect the relevant reporting and generate a relevant and accurate description for you.

  1. Find the 'Suggested Malware' in an Event Card. They are on the side, under the Analysis and the Threat Library Links that already exist.

  2. Click on the Malware family you want to create a card for and track

  3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware Card

  4. Don't forget to tune its criticality

Clicking on 'FunnySwitch' (for example) would create a new Malware Card in your Threat Library

hashtag
Aliases

Because every security company uses a different naming conventionarrow-up-right, they often use different names for the same Threat Actor. For example: 'Sandworm' is the same team as 'APT44'. Although far less common, the same can be true for malware. You don't want to create separate Malware cards for the same piece of code, so this is where 'aliases' come in handy. Just create an alias for an existing malware card and Liberty91 will capture all mentions under the same Threat Card in your Library.

hashtag
What is on a malware card?

A malware card has the exact same information on it as a Threat Actor Card.

Click here:What is on a threat actor card? to find a very thorough description.

PreviousThreat ActorsNextVulnerabilities

Last updated