Malware & Threat
Research

Our malware research enables our partners to devise defenses and counterstrategies. The research ranges from exploits and vulnerabilities to advanced malware and targeted attacks.

Our malware research enables our partners to devise
defenses and counterstrategies. The research ranges
from exploits and vulnerabilities to advanced malware
and targeted attacks.

Get a Quote

Malware Analysis And Research ​

Our Malware analysis and research team has been working in the following domains
Our Malware analysis and research team has been
working in the following domains
Zero Day attack detection and
analysis
Develop honeypots for malware
and drive by download attacks
Test malware writing for agent
based detection engine
Sandbox evasion testing using
Cameo Sandbox
Cuckoo Sandbox
Malware reverse engineering
Dynamic
Static
Test malware writing for agent
based detection engine
Sandbox evasion testing using
Cameo Sandbox
Cuckoo Sandbox
Ebryx - Images

Threat Intelligence and Detection

Our team has extensive experience in producing localized and global threat intelligence and malicious campaign detection

Next-generation machine learning and AI-based Intelligent Algorithms power our cutting-edge threat intelligence and detection capabilities
Localized Threat Intelligence enables us to identify targeted threats and campaigns like APTs and phishing campaigns
against a specific organization
Global Threat Intelligence has detected malicious attacks
with global footprints
Phishing campaign "targeting" millions of users globally to harvest their user credential, personal and credit card
information
Digital coin mining campaign; attackers infected systems worldwide to use victim’s hardware to mine digital coins

Phishing Domain Technologies

System designed to detect phishing domains and URLs using
smart heuristics and similarity algorithms
Ebryx - Images

Content-based Detection

Comparing HTML, forms and images with phishing datasets and in case of a match the said URL or domain is identified

Domain and Network-based Detection

Similarity analysis of the content of a target URL with websites on the Alexa domain list. In case of high similarity in content, the URL is declared malicious
Detection results have a very high accuracy
Ebryx - Images
Ebryx - Images

Malicious Domain Detection

Detection of newly registered malicious domain using light weight static analysis and emulated techniques
Crawling and Scanning
Analysis of Information
Running Heuristics
Perform Correlation

Automated Web Shell Detection​

Automated Process for Detection of Web Shells on Webservers
Web Shells are server-side scripts uploaded on vulnerable servers, by threat actors, to create backdoors
Backdoors are used by threat actors to download/upload files, execute commands and access backend databases. These are very difficult to detect
Functions of Automated Web Shell Detection
Detection of web shell presence on compromised servers on the web
Collection of web shells from various
servers
Multiple server technologies covered by service
Feature extraction from web shells
Listing features using heuristics
Detection Process

Domain Detection Technologies​

Several modules of the detection engine were built in-house, using
the open source stack, modules include

In-House Tools & Technologies Used

Domain Crawlers and scanners
Heuristic Engine
Web Content Emulators:
JavaScript Flash, HTML 5
Correlation Engine

Third-Party Tools & Technologies Used

Multi-AV
Intrusion detection and
prevention systems
Have questions? Let's talk.
Ebryx experts are ready to answer your questions.
Contact us