GLIMPS MALWARE – EN
GLIMPS Malware
Our Malware analysis tool is based on a code detection technology, independent of the compilation options, the toolchain used and even the architecture (x86, ARM, PPC, MIPS…)! Thanks to that, we are able to detect unknown threats on non-standard systems (IoTs, cameras, PLCs…) because they have common code with known sources in a more classical environment.
Because our technology is also designed to detect the code of a binary in multiple forms, it can detect a threat that specifically targets your business.
Security solution on your email or web proxy
Assist SOC analysts
Threat Intel
Centralized files analysis platform
The table below summarizes the added value of GLIMPS-Malware at the different stages of malware detection and analysis.
How it works
By conceptualizing the compiled code, we can go back to a level of abstraction similar to the level of the source code, ignoring the modifications induced by the compilation, the target architecture, etc… We can therefore find the Intellectual Property presence of an attacker group in a file, which allows us to immediately detect and characterize the threat.
In the figure above, an attacker group, “APT 42”, possesses a “private” code. Once used in several malware and campaigns, it is very difficult to trace back to this common code. Thanks to our technology, we transform the different malwares exploited by this group into “Concept Code”, and since their own characteristics are independent of the toolschains and architectures used, we are able to identify the presence of common code between these two branches and to affirm that the attacker necessarily possesses a common source code used to produce them: the two subfamilies then necessarily come from the same entity! Of course, before, we have removed any concept code associated with public source code (runtimes, open-source codes…) that can be found in many malwares.
GLIMPS-Malware is not just a technological brick! In order to be able to support the flows that you may be confronted with, we have integrated it in a powerful orchestrator, thanks to which we have already been able to analyze millions of files. The capacity of the scanning platform is totally adjustable to your needs, whether you want to scan 10 binaries per day or the millions of files on your Internet gateway. In addition, it also allows you to take advantage of numerous additional plugins: antivirus, extraction plugins and document analysis… Thanks to this, you immediately have a complete tool that provides a detailed and powerful report of the file analysis and has an automatic alert capacity that can be integrated into your SIEM solution.