Astro is a specialized threat intelligence and malware hunting solution: a tool that lets security professionals, organizations and businesses research malware families and the cybercriminals behind them. It is built on a platform that continuously monitors, collects and enriches data about malware and cybercrime. Astro combines the following tools: Security Knowledge, Reputation Lookup, Malware Investigation, Malware Hunting, Digital Footprint Intelligence, Continuous Threat Monitoring and Threat Data Feeds.
**Security Knowledge**

Astro provides specialized knowledge about cybercrime and malware: the identity of cybercriminals, their attack campaigns, the identity of malware, the techniques the malware uses, the targets of attacks, the vulnerabilities exploited, and the associated indicators of compromise (IOCs). The knowledge base contains information about cybercriminals and malware families that has never been publicly released. It provides sample files and reports on malicious code for convenient research, including detailed behavioral (sandbox) reports. The knowledge base is continuously enriched by automated collection, classification and clustering technology, together with a team of cybersecurity experts with many years of experience hunting and researching cybercriminals and malware families.
**Reputation Lookup**

Astro provides a tool to query the reputation of any file, IP address or domain name. Reputation data is aggregated from multiple sources so that as much information as possible is available, helping you make quick decisions when reviewing and detecting cybersecurity threats. The tool is accessible through the portal or an API; through the API, security solutions can integrate with Astro to block malware-related threats.
**Malware Investigation**

You can find information about malware and related entities (cybercriminals, cyberattacks, victims, indicators) through Astro's Advanced Search engine, which supports multiple search criteria and nested conditions. Alongside Advanced Search is the Research Graph tool, which presents Astro's data as connection graphs. With it you can investigate attack indicators in depth and find their relationships to known cybercriminals and malware. Investigation data can be kept private or shared, depending on your needs.
**Malware Hunting**

Astro provides powerful tools for hunting malware: hunting by memory pattern with YARA rule sets, hunting by network pattern with IDS rule sets, and hunting by behavior pattern. The hunt is not limited to Astro's own knowledge base; it also extends to well-known public malware repositories. Astro also provides tools for finding similar files using SSDEEP, IMPHASH, PE Rich header hash and code-block similarity.
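To make the similarity-hashing part concrete, here is an added example (not Astro's code) of how an import hash (IMPHASH) is computed and used to cluster PE samples. The algorithm hashes the ordered list of `module.symbol` imports after lowercasing and stripping `.dll`/`.ocx`/`.sys`; the import tables below are constructed, and the `ordN` handling for ordinal imports is a simplification of the reference implementation, which also maps known `ws2_32.dll` and `oledlg.dll` ordinals back to names. For real files you would obtain the import list from a PE parser (for example `pefile`, whose `get_imphash()` implements the full algorithm).

```python
import hashlib

# Extensions that the imphash algorithm strips from module names before hashing.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_import(dll, func):
    """Normalize one (module, symbol) pair the way imphash does.

    Module names are lowercased and lose a .dll/.ocx/.sys extension; symbol names
    are lowercased. Imports by ordinal (an int) become "ordN". Assumption: the
    reference implementation additionally maps known ws2_32/oledlg ordinals to
    names; this example keeps the plain "ordN" form.
    """
    dll = dll.lower()
    for ext in STRIPPED_EXTENSIONS:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):
        func = "ord%d" % func
    else:
        func = func.lower()
    return "%s.%s" % (dll, func)


def imphash_string(imports):
    """Build the comma-joined import string that imphash hashes, preserving order."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """Return the imphash (MD5 of the normalized, ordered import list) as hex."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def cluster_by_imphash(samples):
    """Group {sample_name: imports} by imphash; returns {imphash: [names, ...]}."""
    clusters = {}
    for name, imports in samples.items():
        clusters.setdefault(imphash(imports), []).append(name)
    return clusters


# Constructed import tables (not real malware) showing what the hash is sensitive to.
SAMPLE_A = [("KERNEL32.dll", "CreateFileA"), ("KERNEL32.dll", "WriteFile"),
            ("WS2_32.dll", 23), ("ADVAPI32.dll", "RegSetValueExA")]
SAMPLE_B = list(SAMPLE_A)                              # same build, different embedded config
SAMPLE_C = [SAMPLE_A[1], SAMPLE_A[0]] + SAMPLE_A[2:]   # two imports swapped: different link order
SAMPLE_D = SAMPLE_A + [("USER32.dll", "MessageBoxA")]  # one extra import

SAMPLES = {"a.exe": SAMPLE_A, "b.exe": SAMPLE_B, "c.exe": SAMPLE_C, "d.exe": SAMPLE_D}

if __name__ == "__main__":
    for h, names in cluster_by_imphash(SAMPLES).items():
        print(h, names)
```

Two caveats a hunter should keep in mind: the hash changes with import order, so it groups builds from the same toolchain and source tree rather than "the same family" in general, and an attacker can trivially break it by re-linking, delay-loading or resolving APIs at run time. It is a pivoting aid, not a detection signature.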
**Digital Footprint Intelligence**

However cunning they are, cybercriminals, like any Internet user, leave traces in cyberspace (a passive digital footprint). Based on its continuously enriched knowledge base on cybercrime and malware, and on its analysis, statistics and classification tools, Astro can build a "digital footprint" of a cybercriminal: a C&C domain footprint, C&C server footprint, SSL certificate footprint, service port footprint, decoy file footprint, and more.
**Continuous Threat Monitoring**

Astro provides tools to monitor the threats you care about. Threats are tracked across a variety of sources, from the Surface Web to the Dark Web, as well as service data sources. You are notified immediately of any new or updated information about a monitored threat.
**Threat Data Feeds**

Astro provides machine-readable threat intelligence (MRTI) in the form of threat feeds (IP addresses, domains, hashes, ...) over STIX/TAXII for consumption by solutions such as SIEM, IPS/IDS and antivirus. Feeds are synchronized with the latest malware and threats automatically, without delay or human intervention.
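For an integrator the useful detail is what a STIX feed item actually looks like. The following is an added example, not Astro's code and not its feed format: it builds a STIX 2.1 bundle of `indicator` objects from a constructed list of IOCs (documentation IP ranges, a reserved `.example` domain and an obviously fake hash), using the standard STIX pattern syntax for IPv4 addresses, domain names and file hashes. The value validators are an assumption about good practice rather than part of the specification; they stop a malformed or quote-containing value from producing an unparseable pattern.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 pattern template per IOC type (Cyber Observable property used in the comparison).
PATTERN_TEMPLATES = {
    "ipv4": "[ipv4-addr:value = '{v}']",
    "domain": "[domain-name:value = '{v}']",
    "md5": "[file:hashes.MD5 = '{v}']",
    "sha256": "[file:hashes.'SHA-256' = '{v}']",
}

# Syntactic checks (assumption: not mandated by STIX) so a bad value never reaches a pattern.
VALIDATORS = {
    "ipv4": re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"),
    "domain": re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"),
    "md5": re.compile(r"^[0-9a-f]{32}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}


def stix_pattern(ioc_type, value):
    """Return the STIX pattern for one IOC, rejecting unknown types and malformed values."""
    value = value.strip().lower()
    if ioc_type not in PATTERN_TEMPLATES:
        raise ValueError("unsupported IOC type: %s" % ioc_type)
    if not VALIDATORS[ioc_type].match(value):
        raise ValueError("invalid %s value: %r" % (ioc_type, value))
    return PATTERN_TEMPLATES[ioc_type].format(v=value)


def _now():
    # STIX timestamps are UTC, RFC 3339, with a trailing "Z".
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(ioc_type, value, name, labels, confidence, timestamp=None):
    """Build one STIX 2.1 Indicator SDO with the required and common optional fields."""
    ts = timestamp or _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--%s" % uuid.uuid4(),
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": list(labels),
        "pattern": stix_pattern(ioc_type, value),
        "pattern_type": "stix",
        "valid_from": ts,
        "confidence": confidence,
    }


def make_bundle(iocs, timestamp=None):
    """Wrap indicators for (type, value, name, labels, confidence) tuples in a STIX Bundle."""
    objects = [make_indicator(t, v, n, l, c, timestamp) for (t, v, n, l, c) in iocs]
    return {"type": "bundle", "id": "bundle--%s" % uuid.uuid4(), "objects": objects}


def bundle_to_json(bundle):
    """Serialize the bundle the way a TAXII server would hand it to a SIEM or IDS."""
    return json.dumps(bundle, indent=2)


# Constructed IOCs (not real threat data).
FAKE_SHA256 = "0123456789abcdef" * 4
SAMPLE_IOCS = [
    ("ipv4", "203.0.113.10", "C2 server (constructed)", ["malicious-activity"], 85),
    ("domain", "update-check.example", "C2 domain (constructed)", ["malicious-activity"], 80),
    ("sha256", FAKE_SHA256, "Dropper (constructed)", ["malicious-activity"], 90),
]

if __name__ == "__main__":
    print(bundle_to_json(make_bundle(SAMPLE_IOCS)))
```

A consumer such as a SIEM matches the `pattern` against its observables; `valid_from` (and `valid_until`, if the feed sets it) is what lets it age indicators out instead of alerting forever on an IP that has long since been reassigned.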
Based on in-depth research into malware and APT attacks, Astro gives you insight into your adversaries and helps every component of your cyber security system perform at its best.

- Stores information and data (including malware sample files and detailed analysis reports) on hundreds of malware families and cybercriminal groups.
- Serves as a valuable data source for systems that aggregate and integrate threat data, and for monitoring systems such as firewalls, SIEM, IDS/IPS and EDR.
- Lets you track cyberattack activity against organizations similar to your own, or monitor whether your own networks are being used by attackers for their operations.
- Shows you the "digital footprint" of cybercriminals, the unique characteristics of each crime.
- Provides a powerful search and hunting platform for finding malicious files on demand and downloading them for research.
- Visualizes the data, enriching it and combining it with existing knowledge sources to form relationships.
Continuous monitoring and hunting of threats by a team of experts: A team of cybersecurity experts with many years of experience forms the basis of Astro's knowledge of cybercrime and malware. This team has been monitoring, hunting and analyzing cyber threats for many years, particularly those related to APT attacks. Having built the base data, the team remains the leading force in mining and operating it: any expansion of a threat's relationships is reviewed by the team, and the strategy for hunting new threats is developed by the team from its study of the "digital footprints" of cybercriminals.
The computing engine expands relationships to known threats: In parallel with the experts' monitoring and hunting, an automated computing engine adds new knowledge to Astro. It is programmed to scour well-known malware repositories such as VirusTotal, any.run, Hybrid Analysis and VirusShare, as well as Surface Web and Dark Web sources that regularly publish information about malware, and to use what it gathers to expand the relationships of known threats. This expansion is deliberately constrained to minimize "misleading" expansion into clean data (for example, some malware opens connections to popular Microsoft, Apple or Intel domains to fool monitoring tools, and pivoting through those domains would link unrelated, clean files to the threat). Concretely, the engine can find new IP addresses associated with known C&C domains, new malicious files associated with known C&C IP addresses, and so on.
The computing engine enriches threat data: Alongside expanding relationships, the engine continuously enriches data on known indicators: domain registration, server registration, open service ports, file metadata and dynamic analysis (sandbox) reports. The enriched data is then classified and counted by the engine, forming the "digital footprint" of each cybercriminal.
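The guarded relationship expansion described above is worth seeing as an algorithm. The following is an added example, not Astro's engine: a bounded breadth-first pivot from a known-bad seed over a constructed relationship graph (domains, IPs and files; none of it real threat data). Two guards keep the expansion from contaminating the result set, both assumptions about reasonable policy rather than Astro's actual rules: an allowlist of known-clean infrastructure that is never traversed, and a fan-out limit that refuses to pivot through hub nodes such as shared hosting or CDNs. Running the same pivot with the allowlist disabled shows how a decoy connection to a popular domain would otherwise drag unrelated clean software into the cluster.

```python
from collections import deque

# Constructed relationship edges (not Astro data). Nodes carry a type prefix;
# edges are treated as undirected for pivoting.
EDGES = [
    ("domain:c2.evil.example", "resolves_to", "ip:203.0.113.7"),
    ("domain:c2.evil.example", "resolves_to", "ip:198.51.100.9"),
    ("file:dropper.bin", "contacts", "ip:203.0.113.7"),
    ("file:dropper.bin", "contacts", "domain:www.microsoft.com"),   # decoy connection
    ("file:stage2.bin", "contacts", "ip:198.51.100.9"),
    ("file:stage2.bin", "contacts", "domain:www.microsoft.com"),    # decoy connection
    ("file:benign-updater.exe", "contacts", "domain:www.microsoft.com"),  # unrelated clean software
    ("file:benign-updater.exe", "contacts", "ip:192.0.2.44"),
]

# Assumed policy: known-clean infrastructure that must never be used as a pivot.
BENIGN = {"domain:www.microsoft.com", "domain:www.apple.com", "domain:www.intel.com"}
# Assumed policy: nodes with more neighbours than this are hubs (CDN, shared hosting) and not traversed.
MAX_FANOUT = 50


def build_adjacency(edges):
    """Index edges in both directions as {node: {(neighbour, relation), ...}}."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, set()).add((dst, rel))
        adj.setdefault(dst, set()).add((src, rel))
    return adj


def expand(seed, edges, max_depth=4, benign=BENIGN, max_fanout=MAX_FANOUT):
    """Bounded BFS from a known-bad seed.

    Returns ({node: depth}, {skipped nodes}). Benign and hub nodes are recorded as
    skipped but never entered, so nothing on the far side of them is reached.
    """
    adj = build_adjacency(edges)
    found = {seed: 0}
    skipped = set()
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        depth = found[node]
        if depth >= max_depth:
            continue
        for neighbour, _rel in adj.get(node, ()):
            if neighbour in found:
                continue
            if neighbour in benign or len(adj.get(neighbour, ())) > max_fanout:
                skipped.add(neighbour)
                continue
            found[neighbour] = depth + 1
            queue.append(neighbour)
    return found, skipped


if __name__ == "__main__":
    seed = "domain:c2.evil.example"
    guarded, skipped = expand(seed, EDGES)
    print("guarded:", sorted(guarded.items(), key=lambda kv: kv[1]), "skipped:", sorted(skipped))
    unguarded, _ = expand(seed, EDGES, benign=set())
    print("unguarded:", sorted(unguarded.items(), key=lambda kv: kv[1]))
```

In a production engine the allowlist would be replaced or supplemented by prevalence data (how many distinct, unrelated samples contact the node), which is what makes the fan-out guard useful: a domain contacted by tens of thousands of files is not evidence of anything, whatever its reputation.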