Our advanced research provides us with a vast amount of new security research material (URLs, malware samples, etc.), and now it's available to other companies and researchers. As a complement to our CWSandbox automated malware analysis suite, we provide three data feeds from our Threat Center to technology and business partners (feeds are only available to vetted professional security researchers and recognized security companies).
These feeds are an extraordinarily valuable resource to assist in analyzing, protecting and remediating malware threats.
Feed #1: Malware Sample sharing
Provides: New samples downloaded each day, in a dated daily zipfile that is double-compressed and password-protected. Each sample is named with its md5sum, followed by .EX$. This is not sent in email, as the file size is prohibitive. Only new samples (by md5) will be posted each day, all of which will be Microsoft Portable-Executable (PE) files.
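An intake check for this feed's stated properties (md5-based name, PE content, new by md5), added here as an example and not code from the feed provider. It assumes the daily archive has already been unpacked in an isolated analysis environment and that hex case in the file name is ignored; all function names are hypothetical.

```python
import hashlib
import re
import struct

NAME_RE = re.compile(r"^([0-9a-fA-F]{32})\.EX\$$")  # <md5>.EX$ as described above

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def is_pe(data: bytes) -> bool:
    """True if the MZ header's e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_sample(name: str, data: bytes, seen: set) -> list:
    """Return the problems found; an empty list means the sample is accepted."""
    problems = []
    match = NAME_RE.match(name)
    if not match:
        problems.append("name is not <md5>.EX$")
    elif match.group(1).lower() != md5_hex(data):  # assumption: hex case is ignored
        problems.append("name does not match content md5")
    if not is_pe(data):
        problems.append("not a PE file")
    if md5_hex(data) in seen:
        problems.append("md5 already received")
    return problems

def triage(samples: dict, seen: set) -> dict:
    """Check each extracted sample and remember the md5 of accepted ones."""
    report = {}
    for name, data in sorted(samples.items()):
        report[name] = check_sample(name, data, seen)
        if not report[name]:
            seen.add(md5_hex(data))
    return report

def fake_pe(tag: bytes) -> bytes:
    """Constructed inert stub: MZ header, PE signature and a tag; no code."""
    return b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + tag

def demo() -> dict:
    blobs = {"new": fake_pe(b"a"), "renamed": fake_pe(b"b"),
             "old": fake_pe(b"c"), "text": b"plain text"}  # constructed samples
    names = {k: ("0" * 32 if k == "renamed" else md5_hex(v)) + ".EX$" for k, v in blobs.items()}
    report = triage({names[k]: blobs[k] for k in blobs}, seen={md5_hex(blobs["old"])})
    return {k: report[names[k]] for k in blobs}
```

Calling `demo()` returns the verdict for each constructed sample; in practice `seen` would be loaded from the md5 values recorded on previous days.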
Feed #2: XML Reports
Frequency: Immediate upon submission from any existing source to our CWSandbox database (i.e. very frequently).
XML reports are sent as email attachments. While the size of the attachments is small (typically 20K to 200K), the total volume of email is high (can be several thousand per day) so a specific email account or alias for receiving these should be used.
Provides: XML reports of every sample scanned through the CWSandbox. No-frills email format with a text or an HTML result and the XML report attached to it.
Feed #3: Distilled URLs and IPs
Provides: New malware URLs in a daily text digest. The URLs provided come from our research center, from URLs that have been reported as malware that day, or from URLs that have been downloaded in the CWSandbox by Trojan downloaders. Vendors are responsible for sorting malware from other behavior (i.e. phish submissions, ad rotationals, potential false positives). We advise downloading EXE files first with tools like Wget and Grep, then sorting the list to fit the role.
If you’re interested in finding out more, contact Chad Loeven.