Flashpoint’s Technical Intelligence empowers users with emerging, high-quality, and easily actionable technical intelligence to reduce an organization's most critical cyber attack surfaces. By combining collections and analysis, Flashpoint identifies the most timely cyber attack vectors and provides the necessary context to internal teams, thereby addressing the organization's most critical intelligence requirements. Our high-fidelity and high-confidence intelligence focuses on high-value, signal-rich, and actionable data from sources to which Flashpoint has unique access.

Technical Intelligence enables access to hundreds of thousands of indicators of compromise (IOCs) identified by the Flashpoint Hunt Team based on automated collections of high-signal sources and technical analysis. Our intelligence enriches existing data points or other IOCs and provides the context necessary to analysts or decision makers who must make informed, reasoned, and timely decisions about the latest threats.


Technical Intelligence: Collections and Analysis

Flashpoint focuses our collection efforts on high-fidelity and high-confidence IOCs on specific activity from crimeware and APT/Nation-State malware, including:

  • Emerging malware observed in the wild

  • Insights into threat actors' malware creation processes

  • Special collections on threat actor infrastructure

  • Automated and manual malware analysis via Flashpoint proprietary technology

Flashpoint Proprietary Sandbox Analysis

Flashpoint utilizes proprietary technology to analyze all malware samples ingested by Flashpoint Technical Collections, providing IOCs of the following types: IP addresses, domains, in-the-wild URLs, and hashes (MD5, SHA1, SHA256), among more than 50 others. Analysis also includes decoded configuration files and associated context, including MITRE ATT&CK tags and any associated intelligence reports or mentions within Flashpoint communities datasets.

Observations

In addition to data produced by Flashpoint analysis, our Technical Intelligence incorporates IOCs that are identified and vetted by the Flashpoint Hunt Team within Flashpoint collections, as well as in the wild.


Accessing Technical Collections

Intelligence Platform and Dedicated Malware Knowledge Pages

Users are able to view all technical intelligence within the Flashpoint Intelligence Platform, conduct searches, and view associated metadata and configuration files.

Flashpoint Malware Knowledge Pages are curated by our intelligence analysts and are dedicated to prevalent malware families to succinctly provide critical information and context surrounding the threat. Malware families are linked to reports, IOCs, mentions by the community within Flashpoint collections, and provide a timeline of activity.

API Access and Integrations

Technical data and all associated context (e.g. MITRE ATT&CK tags, malware family name) is shared via the Flashpoint Technical Intelligence API and partner integrations, enabling programmatic access to IOCs identified by the Flashpoint Hunt Team based on automated collections of high-signal sources and technical analysis. Flashpoint supports over 15 integrations, including TIPs, SIEMs, and orchestration tools that ingest IOCs and associated context. For more information on integrations, please see the “APIs and Integrations” section of the platform.
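Before IOCs pulled from any feed are loaded into a TIP or SIEM, a consumer normally has to classify and normalize them: hashes arrive in mixed case, domains and URLs are often defanged (`hxxp://`, `[.]`) in reports, and trailing dots or duplicate spellings would otherwise produce duplicate detection rules. The following is an added example of that client-side step, not Flashpoint code and not the schema of the Flashpoint Technical Intelligence API (which this page does not document); the feed it processes is a constructed list of sample strings.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hash type is inferred from hex length: MD5 (32), SHA1 (40), SHA256 (64).
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Labels of 1-63 chars, no leading/trailing hyphen, alphabetic TLD, <=253 chars total.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")


def refang(value: str) -> str:
    """Undo the defanging conventions commonly applied to shared indicators."""
    v = value.strip()
    for bracketed, plain in (("[.]", "."), ("(.)", "."), ("{.}", "."),
                             ("[:]", ":"), ("[://]", "://"), ("[at]", "@")):
        v = v.replace(bracketed, plain)
    # hxxp:// -> http://, hxxps:// -> https://
    return re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)


def classify(raw: str) -> tuple[str, str]:
    """Return (ioc_type, normalized_value).

    ioc_type is one of md5 / sha1 / sha256 / ipv4 / ipv6 / url / domain / unknown.
    Unknown values are returned unchanged so they can be reviewed rather than dropped.
    """
    v = refang(raw)
    if _HEX_RE.match(v) and len(v) in _HASH_LENGTHS:
        return _HASH_LENGTHS[len(v)], v.lower()
    try:
        ip = ipaddress.ip_address(v)          # also canonicalizes IPv6 (lowercase, ::)
        return ("ipv4" if ip.version == 4 else "ipv6"), str(ip)
    except ValueError:
        pass
    if "://" in v:
        parts = urlsplit(v)
        if parts.scheme in ("http", "https", "ftp") and parts.hostname:
            # Path and query are case-sensitive, so only the refanged form is used.
            return "url", v
    host = v.lower().rstrip(".")              # drop trailing dot from FQDN form
    if _DOMAIN_RE.match(host):
        return "domain", host
    return "unknown", raw


def normalize_feed(raw_indicators: list[str]) -> dict[str, list[str]]:
    """Classify, normalize and de-duplicate a batch of raw IOC strings.

    Returns a mapping ioc_type -> sorted unique values, ready for a TIP/SIEM loader.
    """
    buckets: dict[str, set[str]] = {}
    for raw in raw_indicators:
        ioc_type, value = classify(raw)
        buckets.setdefault(ioc_type, set()).add(value)
    return {t: sorted(vals) for t, vals in buckets.items()}


# Constructed sample feed (not real indicators): mixed case, defanged and
# duplicate spellings of the same domain, plus one line that is not an IOC.
SAMPLE_FEED = [
    "hxxp://evil-example[.]test/payload.bin",
    "EVIL-EXAMPLE[.]test",
    "evil-example.test.",
    "192.0.2.10",
    "2001:DB8::1",
    "D41D8CD98F00B204E9800998ECF8427E",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "not an indicator",
]

if __name__ == "__main__":
    for ioc_type, values in normalize_feed(SAMPLE_FEED).items():
        print(f"{ioc_type:8s} {values}")
```

The three spellings of the domain collapse to one entry, so a blocklist built from the output carries one rule rather than three. Anything the classifier cannot place lands in the `unknown` bucket rather than being silently discarded; that bucket is what an analyst should review, since a feed line that looks like noise may be a new indicator type (a mutex name, a registry key) that the loader simply does not handle yet.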


Key Benefits

  • Identify the most timely cyber attack vectors using context and IOCs from prevalent malware family activity, associated MITRE ATT&CK methods, target information, origin information, and associated intelligence reports and threat actor group profiles.

  • Investigate emerging threats, including identifying malware families newly observed within illicit communities, and the evolution of existing prevalent families of malware. Identify overlap between malware, infrastructure, threat actor groups, and their TTPs.

  • Review critical malware information succinctly via Malware Knowledge Pages, such as malware family descriptions and notable events, associated reports, IOCs, and mentions in Flashpoint collected communities datasets.

  • Access IOCs obtained from automated and manual malware analysis, special collections on actor infrastructure, threat actor malware creation process, and malware observed in the wild.

  • Retrieve high-fidelity network IOCs related to live infrastructure and in the wild URLs for the malware families Flashpoint monitors.

  • View high-fidelity and high-confidence IOCs obtained from Flashpoint’s sandbox analysis and decoded configuration files of malware families that Flashpoint monitors.

  • Search, filter, and pivot to raw data while visualizing trends in prevalence of monitored families of malware, associated TTPs, and more in the IOC Analytics Dashboard.
