Skip to main content

ReversingLabs Ransomware and Related Tools Feed

Download With Dependencies

A timely and curated threat intel list containing recent indicators extracted from ransomware and the tools used to deploy ransomware which are suitable for threat hunting or deployment to security controls.

This pack installs the ReversingLabs Ransomware and Related Tools Feed integration.

ReversingLabs Ransomware and Related Tools Feed includes fresh indicators from not only ransomware but the tools used
to gain access and deploy ransomware enabling defenders the opportunity to discover adversaries initial network access
and lateral movement before their data is encrypted. Our threat intelligence researchers analyze ransomware attack
trends and the security landscape to ensure that only the most up to date and relevant malware families are dissected
to create technical indicators.

Key Features

  • Indicators from multiple stages of typical attacks allow for early detection and the ability to reduce damage associated with IP theft and ransomware attacks.
  • Aggressive aging of the indicators ensures only relevant indicators are active in the list.
  • Extensive post processing of indicators eliminates or reduces confidence on indicators likely to produce false positives.
  • Indicators such as IP, Domain, URI and Hash include tagging to give additional context such as MITRE ATT&CK, network parameters, attack stage and malware family name

About ReversingLabs

ReversingLabs is the leading provider of explainable threat intelligence solutions that dissect complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms analysts to confidently take action and hunt threats.

This pack installs the ReversingLabs Ransomware and Related Tools Feed integration.

ReversingLabs Ransomware and Related Tools Feed includes fresh indicators from not only ransomware but the tools used
to gain access and deploy ransomware enabling defenders the opportunity to discover adversaries initial network access
and lateral movement before their data is encrypted. Our threat intelligence researchers analyze ransomware attack
trends and the security landscape to ensure that only the most up to date and relevant malware families are dissected
to create technical indicators.

Key Features

  • Indicators from multiple stages of typical attacks allow for early detection and the ability to reduce damage associated with IP theft and ransomware attacks.
  • Aggressive aging of the indicators ensures only relevant indicators are active in the list.
  • Extensive post processing of indicators eliminates or reduces confidence on indicators likely to produce false positives.
  • Indicators such as IP, Domain, URI and Hash include tagging to give additional context such as MITRE ATT&CK, network parameters, attack stage and malware family name

About ReversingLabs

ReversingLabs is the leading provider of explainable threat intelligence solutions that dissect complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms analysts to confidently take action and hunt threats.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedFebruary 25, 2022
Last ReleaseDecember 4, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.