Abstract: According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source and an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.

Abstract: According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source and an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.

Abstract: Systems and methods for detecting malicious content are provided. In an exemplary embodiment, a method for detecting malicious content is described that detects when a client device has access to a remote network server of a communication network. The client device includes one or more processors. Thereafter, a controller being a device separate from the client device, activates one or more security programs within the remote network server. The security programs enable the controller to analyze data stored within or transmitted from the remote network server. Lastly, the controller analyzing the data to determine whether the data includes malware.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source and an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.

Abstract: Phishing detection techniques for predicting a password for decrypting an attachment for the purpose of malicious content detection are described herein. According to one embodiment, in response to a communication message, as such an electronic mail (email) message having an encrypted attachment, content of the communication message is parsed to predict a password based on a pattern of the content. The encrypted attachment is then decrypted using the predicted password to generate a decrypted attachment. Thereafter, a malicious content analysis is performed on the decrypted attachment to determine a likelihood as to whether the decrypted attachment contains malicious content.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: According to one embodiment, a computerized method comprises receiving a set of indicators of compromise (IOCs) associated with a known malware of a first message type from a first source and receiving one or more IOCs (IOC(s)) from a second source that is different from the first source. Thereafter, a determination is made as to whether the received IOC(s) from the second source correspond to the set of IOCs received from the first source. If so, information associated with at least the set of IOCs is used to locate a malware of the first message type that is undetected at the second source.

Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.

Abstract: According to one embodiment, a computerized method comprises receiving a set of indicators of compromise (IOCs) associated with a known malware of a first message type from a first source and receiving one or more IOCs (IOC(s)) from a second source that is different from the first source. Thereafter, a determination is made as to whether the received IOC(s) from the second source correspond to the set of IOCs received from the first source. If so, information associated with at least the set of IOCs is used to locate a malware of the first message type that is undetected at the second source.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.

Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.