
Intelligence


Who’s talking about your business? Who wants to hurt you? What information do they have?


Mjolnir Threat Intelligence (MTI) provides organizations with the awareness needed to identify and respond to cybersecurity threats before they become victims. MTI leverages an extensive sensor and analytics network that searches the web, darknet, and Tor, compiles and analyzes data in real time, and generates customized reporting that will meet the needs and specifications of any client request. MTI empowers organizations to understand, monitor, and control the threat landscape, and enables them to proactively identify, predict, and prevent attacks before they happen. Further, the data captured by MTI results in a more effective and efficient incident diagnosis in the post-attack phase.


The knowledge generated by the MTI solution strengthens not just the security of the business itself, but also its relationships with clients and staff by protecting their end users. Based on the needs of the organization, Mjolnir will generate custom botnet and targeted malware reports based on YARA rules, phishing reports, or offer real-time data feeds in STIX/TAXII format, which can be seamlessly integrated into existing SIEM tools.


Mjolnir Threat Intelligence (MTI) can be used across sectors and for specific use cases, and has unique applications for legal, finance, and public organizations. All data is run through our proprietary Mjolnir Threat Analytics Console (MTAC).

MTAC Malware Tracker

MTAC Malware Tracker tracks popular malware campaigns around the world and maps them against the MITRE ATT&CK framework.

Dealing with Mergers & Acquisitions?

MTI has been customized for organizations supporting M&A activities: it focuses on a specific acquisition target (or targets) and attempts to identify potential risks that could affect the negotiated price or projected costs of an acquisition. The M&A service can also compare the acquisition target against a set of similar companies in an effort to develop comparisons and contrasts relating to economic and business risk scenarios.


Incident Validation and Prioritization

When SOC Level 1 analysts escalate incidents to the IR team, the incident responder must prioritize those incidents and decide which ones merit detailed investigations. Cyber threat intelligence can help them identify which incidents are most likely to be connected with attacks that target their organization, and assess which attacks have the highest potential for negative impacts on the business.
MTI can speed up the process by providing threat data that links the indicators of the attack to context such as likely threat actors, their motivations (financial, competitive, and ideological), their targets, and the impact of their previous attacks.


Incident analysis

Incident responders need to pivot from initial incidents to determine if the attacks are still in progress, to pinpoint changes made to systems and applications, and to identify possible damage in terms of stolen data and disrupted operations. MTI helps them answer questions (who, what, why, when and how) to develop a complete picture of attacks.
MTI enables the IR team to connect alerts and indicators with related events and artifacts. For example, if a malware sample is detected, is there an IP address it is known to contact? Threat intelligence might show that the malware does contact an IP address that is used as a command and control server by a cybercriminal organization.

Incident responders can then check network logs to find other corporate systems that have communicated with this server and are likely to be compromised.
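
The pivot described above, from a known command and control address to the internal systems that contacted it, as an added example (not Mjolnir's code or MTI's feed format). The STIX indicator patterns, addresses and log layout are constructed for illustration, and only simple STIX equality comparisons are handled.

```python
import ipaddress
import re

# Constructed STIX 2.1 indicator patterns (documentation-range addresses).
STIX_PATTERNS = [
    "[ipv4-addr:value = '203.0.113.45']",
    "[ipv4-addr:value = '198.51.100.7'] OR [ipv4-addr:value = '198.51.100.8']",
]

# Constructed connection log: timestamp, source, destination, port, bytes out.
LOG_LINES = """\
2021-02-01T09:14:02Z 10.0.4.17 203.0.113.45 443 5120
2021-02-01T09:14:05Z 10.0.4.22 192.0.2.10 443 880
2021-02-01T11:40:51Z 10.0.7.3 198.51.100.8 8080 300
2021-02-02T03:02:10Z 10.0.4.17 203.0.113.45 443 91000
malformed line
2021-02-02T03:05:00Z 10.0.9.9 203.0.113.450 443 10
""".splitlines()

IPV4_TERM = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")

def c2_addresses(patterns):
    """Collect valid IPv4 values from simple equality terms (not full STIX grammar)."""
    found = set()
    for pattern in patterns:
        for value in IPV4_TERM.findall(pattern):
            try:
                found.add(ipaddress.IPv4Address(value))
            except ValueError:
                pass  # malformed indicator value
    return found

def sweep(lines, indicators):
    """Map each source host that contacted an indicator to a summary."""
    hits = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # not a connection record
        ts, src, dst, _port, size = parts
        try:
            dst_ip, size = ipaddress.IPv4Address(dst), int(size)
        except ValueError:
            continue  # unparsable destination or byte count
        if dst_ip in indicators:
            h = hits.setdefault(src, {"first_seen": ts, "connections": 0, "bytes_out": 0})
            h["first_seen"] = min(h["first_seen"], ts)  # ISO 8601 UTC sorts as text
            h["connections"] += 1
            h["bytes_out"] += size
    return hits
```

The earliest `first_seen` across the matching hosts bounds when the activity began, and `bytes_out` gives a first ordering for which systems to examine for stolen data.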