Falcon MalQuery is an advanced, cloud-based malware research tool designed to enable malware researchers, security forensics, incident response, and cyber threat intelligence teams to find historical and related malware samples for further investigation.
Falcon MalQuery is based on the fact that malware developers reuse code and infrastructure, and this reuse leaves traceable fingerprints. If you can identify these fingerprints, or artifacts, in other malware samples, you get a glimpse into the ancestry of the malware, which lets you expand your detection capabilities, further your understanding, and protect your organization.
When investigating new malware samples, you most likely begin by detonating the file in a malware sandbox that identifies interesting strings and potentially malicious domains and IPs. Falcon MalQuery is used just like a search engine: you can search for these strings (or use YARA rules) across Falcon MalQuery’s massive, multi-year collection of over 3.5 billion malware samples. The results include IOCs, links to download the related malware samples, attribution, links to the actor profiles, and much more.
A demo of how Falcon MalQuery works in operation is available in the CrowdStrike Tech Center.