
20240116


What’s New in HYAS Insight!


Malware Infrastructure Dashboard  NEW

A new dashboard is now live that packages the intelligence produced by HYAS's continuous malware detonation pipeline.  The data is clustered by malware family by default and augmented with malware tag and C2 ASN information.  The summary panel for each malware family can be expanded to reveal its detailed infrastructure intelligence.

Note: This feature is available for HYAS Insight licenses with the Malware Intelligence module.  Contact your HYAS client success manager if you don't already have access.

Benefits:

  • Keep up to date on current malware trends and their infrastructure

  • Pivot into infrastructure data, connect the dots, and derive insights into threats facing your organization now and in the future.

  • Export data for downstream processing as part of your threat intelligence management program and blocklists.

 

Infrastructure Analysis  NEW

A new analysis feature is now live in HYAS Insight.  This capability allows you to ingest bulk IOCs and get a HYAS-derived verdict on each.  IPs and domains can be uploaded via file or copied and pasted in list form for easy ingestion.  A shared ingest history is visible to all users on the same HYAS Insight-designated "team."  Watch for exciting future enhancements to this feature that analyze your uploaded IOCs in even broader ways!

Note: This feature is available for HYAS Insight licenses with the Advanced Infrastructure intelligence module.  Contact your HYAS client success manager if you don't already have access.

Benefits:

  • Analyze IOCs in bulk

  • Pivot and investigate sets of IOCs for suspected campaigns, specific types of malware, or other use cases determined by the data you ingest

 

HYAS Verdicts for IPs and Domains (beta)  NEW

The first beta phase of a "pivot crawling" engine determines a verdict for IPs and Domains and displays the HYAS-generated verdict in the header panel (and in some API responses). The verdict will be one of 4 values, color-coded for ease of understanding in the UI:

  • Malicious (reddish)

  • Suspicious (amber)

  • Benign (green)

  • No Verdict (white)

Verdicts are further described by high-level labels representing the “evidence” that determined the verdict. If multiple labels were involved in determining the verdict, they will all be displayed. Possible values for this release are:

  • Malware Association

  • C2 Activity

  • Domain/Config History

  • Risky 3rd Party Infrastructure

  • Community Intelligence

  • Risky DNS Transactions

  • TOR Node

  • Malicious SSL Cert

  • Known DGA

  • Nameserver Reputation

Future phases of development of our pivot crawling engine will take us out of the beta phase and also include the display of additional information, so watch for those updates!

Benefits:

  • Get an immediate understanding of the threat without manual investigation

  • Speed time to investigation

  • Enable a broader spectrum of users who get value from HYAS Insight

 

Tag Pivot   NEW

Tags in HYAS Insight are now clickable, allowing users to pivot to other data with the same tag. In addition to other tag matches, HYAS Insight will compile a list of IOCs with Malware Samples and C2 attribution to facilitate security and fraud investigators' workflows.

This feature applies to both private (red) and system (blue) tags.

Benefits:

  • Pivot more effectively to related data

  • Build a better picture of a threat faster

  • Find your own organization's tags faster for such things as adversary names, adversary campaigns, malware families, TTPs, and IR case numbers

 

Current WhoIs Data to Support ASN Object  IMPROVEMENT

Current WhoIs data now provides additional context for ASN objects, including netblocks. The data is available via the API and the Current WhoIs panel of the UI.

Other Minor Improvements  IMPROVEMENT

  • Consistency improvement in the emails being generated by HYAS Insight

  • Rename default text in search input fields within tables to "Find in Table" rather than "Search Data Table"

  • Add a label to Bogon IPs identifying them as such

  • Update all flags in the solution from the older rectangular icon library to a newer round style

  • New pop-up message appears when admins attempt to add more users than the organization's entitlement allows

  • Use the correct error prompt style in Account Management
