Mandiant, Inc.
Detection center to detect targeted malware

Abstract:

A computerized method is described that is adapted to compare extracted features of a received object under analysis with one or more features associated with each known malicious object of a plurality of known malicious objects accessible to the one or more servers. Responsive to determining that the extracted features satisfy a prescribed level of correlation with the one or more features of a first known malicious object of the plurality of known malicious objects, identifying the received object as a malicious object. Also, responsive to determining that the extracted features fail to satisfy the prescribed level of correlation, conducting a second analysis that includes a comparison of the extracted features to the one or more features associated with each of the plurality of known malicious objects being of a type of malware other than malware targeting a specific entity.