Intezer Analyze

Modified on: Wed, 4 Aug, 2021 at 2:59 PM

Overview

Intezer Transforms for Maltego enable Threat Intelligence Teams and Malware Investigators to automate end-to-end malware analysis investigations.


Intezer’s integration with Maltego provides a unique layer of the relation between different files that share the same DNA. The combination of Intezer’s malware classification and Maltego’s visualization allows threat intelligence teams to streamline their malware analysis process.


Intezer Analyze is an all-in-one malware analysis platform, helping incident response and SOC teams streamline the investigation of any malware-related incident. With the Intezer Transforms, malware investigators and threat analysts can get answers quickly about any suspicious file or endpoint, classify suspicious files and machines in seconds, accelerate response time, and consolidate multiple malware analysis tools into one.


Intezer uses both static and dynamic sandbox execution for code extraction, together with other artifacts such as network Indicators of Compromise (IOC), which are also available in Intezer’s Maltego integration.


With Intezer Transforms, investigators can optimize their cyber malware analysis process by:

  • Retrieving a malware classification based on malware family resolution.
  • Uncovering related files based on code reuse.
  • Extracting dynamic IOCs such as dropped executables and network behavior.


To read more about the integration benefits and how investigators can leverage Intezer data, visit our website here.


Pricing and Access

Pricing Tier

  • Free Trial (15 free Transform runs per month), Bring your own key
  • Requirements: For full solution access, Maltego One and an Intezer subscription is required


Access

  • Free Trial - No API key required, install directly from Transform Hub on Maltego Desktop Client. Free tier usage is restricted to 15 Transform Runs per month.
  • Bring Your Own Key- Plugin your Intezer Analyze API key to start using the Transforms. To get an Intezer Analyze API key, you can start by signing up for free and creating a community account here: https://analyze.intezer.com/create-account

Intezer Analyze Transforms

To IOCs [Intezer]

Description

This Transform retrieves a file’s network IOC.


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
APIkey string   True False False

Transform Meta Info

Information Value
Display Name To IOCs [Intezer]
Owner Intezer
Author avigayil@intezer.com
Data Source Intezer
Transform Name IntezerGetIOC
Input Entities maltego.Hash
Output Entities Phrase
Short Description This Transform retrieves a file’s network IOC

To Tags [Intezer]

Description

This Transform retrieves a file’s technical characteristics (tags).


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
APIkey string   True False False

Transform Meta Info

Information Value
Display Name To Tags [Intezer]
Owner Intezer
Author avigayil@intezer.com
Data Source Intezer
Transform Name IntezerGetFileInfo
Input Entities maltego.Hash
Output Entities Phrase
Short Description This Transform retrieves a file’s technical characteristics (tags)

To Malware Family [Intezer]

Description

This Transform retrieves a file’s malware family name.


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
APIkey string   True False False

Transform Meta Info

Information Value
Display Name To Malware Family [Intezer]
Owner Intezer
Author avigayil@intezer.com
Data Source Intezer
Transform Name IntezerGetFamily
Input Entities maltego.Hash
Output Entities Phrase
Short Description This Transform retrieves a file’s malware family name

To Dropped File Hashes [Intezer]

Description

This Transform retrieves files dropped by the input Entity.


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
APIkey string   True False False

Transform Meta Info

Information Value
Display Name To Dropped File Hashes [Intezer]
Owner Intezer
Author avigayil@intezer.com
Data Source Intezer
Transform Name IntezerGetDroppedFiles
Input Entities maltego.Hash
Output Entities Phrase
Short Description This Transform retrieves files dropped by the input Entity

Description

This Transform retrieves files that share the same code with the input Entity.


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
APIkey string   True False False

Transform Meta Info

Information Value
Display Name To Related File Hashes [Intezer]
Owner Intezer
Author avigayil@intezer.com
Data Source Intezer
Transform Name IntezerGetRelatedFiles
Input Entities maltego.Hash
Output Entities Phrase
Short Description This Transform retrieves files that share the same code with the input Entity

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.