What is Recorded Future Triage?
Recorded Future Triage offers dynamic analysis for Windows, Linux, Mac, and Android files. It runs the files in a cloud-hosted environment and provides you with a detailed report on the behavior of the malware that includes malicious scoring of the file. It was created by people who were originally involved with Cuckoo Sandbox.
In the 3.4 release, we added our first basic integration with the Recorded Future Triage sandbox. The integration allows you to choose files to upload to the sandbox and then later get the results.
Whom is it built for?
Internal IR Teams.
Why is it useful?
This feature allows you to get a better understanding of what a file is capable of doing so that you can find additional evidence or commit to a file being good or bad.
Where is it used?
The expected use cases are:
- You’ve collected hundreds of executable files and libraries from a suspect system and processed them with Cyber Triage. It’s scoring algorithms and integration with ReversingLabs (which includes 40+ malware detection tools) results in a couple of files being marked as suspicious. You’re not sure if the file was marked as suspicious as a false positive or if it is truly bad. You can use the Recorded Future Triage sandbox to get more information.
- ReversingLabs scores the file as bad and you want to better understand what the process did. You can submit it to the sandbox, identify what files were created and then open those up to see what data was collected.
What is the required Cyber Triage version?
Standard and Team.
- Blog Post: Sandboxing Malicious Files: Recorded Future Triage Integration
- Recorded Future Triage Website: https://tria.ge/
*For more information about this integration, contact our sales team: firstname.lastname@example.org.