Hatching: partners in malware analysis
We offer multiple services to enhance your Cuckoo Sandbox and malware analysis experience. On top of these services, we also actively work on, and are interested in, consultancy projects.
Basic Support provides a limited amount of support hours from the Hatching team on all Cuckoo-related topics. Customers may use Basic Support for questions on picking the right hardware, deploying, maintaining, and updating Cuckoo Sandbox. We also provide advice for running specific malware samples (e.g., those that require extra steps or special environments to run) and all Cuckoo questions in general.
With Cuckoo being a complex project with many different usage patterns and possible analysis environments, we find that users often end up with many questions that are not necessarily documented or that require too much time to investigate.
This support package ensures that your organization gets the advice it needs in a timely manner, helping you use Cuckoo Sandbox more efficiently.
Advanced Support provides a well-featured enterprise-ready technical support package including Remote Hands, priority with minor feature requests & bug fixes, and help with Malware Investigations on top of the Basic Support package.
With the Remote Hands service we can help customers with installing and maintaining Cuckoo Sandbox, help with usage on all levels (including explanation of basic functionality), quick investigations of issues and/or potential bugs, and more.
Additionally this package includes minor feature requests & bug fixes, such that any identified issues will be resolved shortly.
We provide support with analyzing or improving analysis capabilities within Cuckoo Sandbox for specific malware samples or families. This service is especially useful if you need to get that one-off malware to be analyzed thoroughly and quickly.
Enterprise Support provides a fully-featured enterprise-ready malware analysis environment package that reduces the TCO (Total Cost of Ownership) through a fully managed Cuckoo Sandbox environment including our Hatching Hardening component. This package also includes everything from the Basic & Advanced packages.
Through a fully managed Cuckoo setup we make sure everything is and remains up-and-running, functions correctly, and is updated whenever we push out a new release or bug fix.
Through continuous hardening efforts on our side we ensure that our customers use the most stealthy virtual machines possible. In practice this results in malware being analyzed more correctly and therefore Cuckoo will produce better results.
Hatching Triage is our flagship product which leverages our years of
knowledge in order to provide the ultimate malware analysis
Hatching Triage performs an initial triage through numerous static analysis components, Yara rules, and unpacking plugins. After the initial triage, samples are analyzed using multiple flavors of Cuckoo Sandbox and internal products, including but not limited to upstream Cuckoo Sandbox, cuckoo-modified, CAPE, a zer0m0n-based environment, Hatching Metal (optional), and in the future Hatching Visor (optional, a malware analysis hypervisor).
Hatching Triage obtains the results from the various sandboxes & environments and combines them into one consolidated report.
On top of the virtual analysis environments that Hatching Triage offers by default we also feature advanced Bare Metal analysis capabilities. For Bare Metal analyses we use real laptops and/or desktops to perform the malware analyses, therefore avoiding anti-VM techniques often used by malware.
In order to get a new or existing team up-to-speed as fast as possible we provide private trainings. These trainings are tailored to fit the exact use-cases, interests, and allocated time as per the wishes of the client.
Hatching SOC provides services for maintaining and monitoring high-performance Triage clusters, as well as real-time investigations and detection improvements for the latest malware samples and phishing emails. Hatching SOC may be used to offload specific expertise (such as Reverse Engineering) or to offload the technical aspects of specific teams entirely (e.g., abuse@).
Hatching SOC is the perfect match for large organizations with well established CERT / CSIRT / SOC teams, MSSPs, and vendors that require large-scale malware analysis capabilities or wish to outsource the technical work that comes with malware analysis.
Interested, not sure if our packages are what you're looking for, or in need of additional information or pricing?