IoCs from public sandboxes Dec 2022

Boosting Threat Intel with Automatic Sandbox IoC Gathering

Introducing the new Auto-Collection of IoCs from Public Sandboxes feature, now available on the RST Cloud Threat Intel Engine!

As of November 2022, our platform has started automatically collecting indicators of compromise (IoCs) from the most popular public sandboxes. But we don’t stop there. After the collection process is complete, we aggregate the data and cross-verify it with all the information we’ve gathered from other sources. This helps us filter out any noise and more accurately score the data using our intelligent algorithm.

But what exactly are the benefits of collecting IoCs from sandboxes? For starters, it allows us to more quickly identify unknown malware. This is because sandboxes provide a controlled environment for executing suspicious files, allowing us to observe their behavior and extract useful IoCs for threats that are currently in the wild.

In addition, collecting IoCs from sandboxes gives us more information to feed into our filtering engine. By continuously analyzing what is considered “standard” behavior and what is a deviation, we can more accurately identify and alert on potential threats.

As an example of the volume of data we’re able to collect from online sandboxes, in December alone we were able to gather 40000 unique IoCs. And rest assured, each indicator undergoes a thorough analysis through our engine, including filtering, attribution, enrichment, and ranking. The IoCs are available for our RST Threat Feed customers.

While IoCs collected from sandboxes may lack sufficient context, our platform’s automatic gathering and verification process from popular public sandboxes, coupled with enrichment from other sources, helps filter out noise and accurately score the data using our intelligent algorithm. This improves malware detection and protection efforts.

We’re confident that the addition of the Auto-Collection of IoCs from Public Sandboxes feature will greatly enhance our ability to protect our customers from the constantly evolving threat landscape. Try it out today and see the difference it can make for your organization.