Threatray On-Boarding Documentation
Threatray is a unique and powerful platform. Because it has a learning curve, we strongly recommend working through the onboarding material.
Below you will find a three-part onboarding series, each part covering one of the main areas of Threatray functionality.
The onboarding material consists of videos and the slides used in those videos. Each part also includes malware examples that you can replay in your own Threatray instance.
The videos were recorded on the current, brand-new release of Threatray. The video and slide content is final; only the voice-over audio is still of pre-production quality.
Part 1 – Intro to Threatray and Malware Classification
The first session provides background on Threatray and explains how to submit files for analysis and how to read our analysis reports, including the sandboxing view and the binary intelligence view. We also give a deep dive into Threatray's malware classification capabilities, which are based on our code reuse signatures. You can follow along with the onboarding session slides here.
Part 2 – Intelligence Capabilities
The second session covers our intelligence capabilities. We talk about private and public data repositories, how to search them, and how to pivot across them. We provide classical search capabilities (searching for IPs, domains, process names, etc.) as well as capabilities based on code similarity search. One of these is our OSINT feature, which links unknown samples under investigation to OSINT reports (e.g., blogs, tweets) through code similarity. We also show our point-and-click code retro-hunting feature, which allows you to pivot on code rather than on indicators. You can follow along with the onboarding session slides here.
Part 3 – Intelligence-Enabled Reverse Engineering
The third session is for reverse engineers and covers our IDA Pro plugin. The plugin has three key features: (1) function-level labeling of unknown code as belonging to known malware families or to benign library/runtime code; (2) code cluster analysis to quickly discover code shared among a set of samples; and (3) function-level retro-hunting, which lets you select one or more functions in IDA Pro and search the Threatray repositories for binaries containing similar or matching functions. You can follow along with the onboarding session slides here.
A Binary Ninja plugin is on our roadmap and will follow in Q1.
