Request a Demo

Reversing Labs

ReversingLabs solutions drastically accelerate and broaden organizations’s ability to detect new threats, respond to incidents and gain intelligence on attacks. Large enterprises and security vendors use these solutions as a foundation for protecting digital assets. Our solutions implement unique, innovative technologies that detect and analyze threats within files. TitaniumCore™ Automated Static Analysis evaluates internal threat indicators in files in milliseconds to support real-time and high volume applications. TitaniumCloud™ File Reputation service identifies and provides up-to-date threat intelligence on 2 billion goodware and malware files.

Specialties

Integrations

ReversingLabs A1000

This integration is a series of Components that allow users to do malware analysis with ReversingLabs A1000 and TiCloud. The following apps and actions are available:

  • Analyze File with ReversingLabs - The Reversing Labs API lets you submit a supported file type for ReversingLabs analysis. Use this app to automate the submission of new malware files. The app attempts to detect whether a file is in ZIP format and, if it is, automatically unzips the file before sending it to the ReversingLabs API.
  • Download ReversingLabs Sample - This app downloads a sample residing on A1000. If a sample is in the cloud, you will need to download it to the A1000 instance that you are using first.
  • Get ReversingLabs Summary Report - This app uses hash_value(s) to get a summary classification report and details for a sample or list of samples.

These apps can be found in the ThreatConnect App Catalog under the names: Analyze File with ReversingLabs, Download ReversingLabs Sample, and Get ReversingLabs Summary Report.

Keep Reading

Built By ThreatConnect

ReversingLabs Ransomware & Related Tools Threat Intelligence List

This threat intel list includes fresh indicators from not only ransomware but the tools used to gain access and deploy ransomware enabling defenders the opportunity to discover adversaries initial network access and lateral movement before their data is encrypted. Our threat intelligence researchers analyze ransomware attack trends and the security landscape to ensure that only the most up to date and relevant malware families are dissected to create technical indicators. This integration is available for download here on the ThreatConnect Marketplace.

Key Features

  • Indicators from multiple stages of typical attacks allow for early detection and the ability to reduce damage associated with IP theft and ransomware attacks
  • Aggressive aging of the indicators ensures only relevant indicators are active in the list
  • Extensive post processing of indicators eliminates or reduces confidence on indicators likely to produce false positives
  • Indicators such as IP, Domain and Hash include tagging to give additional context such as MITRE ATT&CK, network parameters, attack stage and malware family name.

About ReversingLabs

ReversingLabs is the leading provider of explainable threat intelligence solutions that dissect complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms analysts to confidently take action and hunt threats.

Keep Reading

ReversingLabs TitaniumCloud

With this Playbook app, you can automatically detonate, analyze, and submit files in MalwareBazaar from ThreatConnect to understand if they are malicious and return any contextualized telemetry. This all leads to more informed decision-making and more efficient remediation of malicious files through automation. The following actions are available within the Playbook App:
  • Submit File for Analysis - Automate the submission of new malware files.
  • Download Sample - Download a sample residing on a1000. If a sample is in the cloud, you will need to download it to the a1000 instance that you are using first.
  • Get Extracted Files - Retrieve a list of all extracted files from a sample using the TitaniumCore engine.
  • Get Summary Report - Retrieve a summary classification report and details for a sample or list of samples based on hash_value(s)
  • Get File Reputation - Retrieve TitaniumCloud File Reputation results for files stored on the a1000 instance. The file must be on the a1000 instance. If it is not, you must first upload it and send it to the cloud.
  • Get Report - Retrieve TitaniumCore analysis for given sample hash value. The file must be uploaded to the a1000 instance beforehand.'
This app can be found in the ThreatConnect App Catalog under the names: ReversingLabs
Keep Reading

Built By ThreatConnect

ReversingLabs TitaniumCore

This integration is a series of Components that allow users to do malware analysis with ReversingLabs A1000 and TiCloud. The following apps and actions are available:
  • Get ReversingLabs Extracted Files - This app gets a list of all extracted files from a sample using the TitaniumCore engine.
  • Get ReversingLabs TitaniumCore Results - This app gets TitaniumCore analysis for given sample hash value. The file must be uploaded to the A1000 instance beforehand.
These apps can be found in the ThreatConnect App Catalog under the names: Get ReversingLabs Extracted Files and Get ReversingLabs TitaniumCore Results.
Keep Reading

Built By ThreatConnect

Playbooks

ReversingLabs Playbooks

The Create TitaniumCloud Yara Hunting Ruleset Playbook template allows you to take a YARA rule in ThreatConnect and upload it to ReversingLabs' A1000 Malware Analysis Platform's YARA Hunting capability.

The Delete ReversingLabs TitaniumCloud Yara Hunting Ruleset Playbook template allows users to delete a YARA rule that has been previously uploaded to ReversingLabs' A1000 Malware Analysis Platform's YARA Hunting capability. Note that if you enter the name of a YARA rule that is not present in A1000, the Component will still complete successfully, but will output the message "Failed to delete ruleset. Please see logs for more information".

These Playbook templates can be found in the ThreatConnect App Catalog under the names: Create TitaniumCloud Yara Hunting Ruleset and Delete ReversingLabs TitaniumCloud Yara Hunting Ruleset 

Keep Reading

Built By ThreatConnect

Looking for an
integration not shown?