Mossé Security is urgently inviting all Australian organisations to join us in the fight against cyber criminals and nation-state sponsored illegal activities. We are committed to nationwide cyber defence and are equipped with capabilities that are otherwise unavailable to most organisations. We therefore call on any and all Australian organisations that want to help stop cyber crime to accept our offer of free-of-charge threat research services. Let’s work together to help stop cyber crimes against our good nation.
We are fighting against cyber adversaries who compromise the networks of hundreds of organisations every year. They steal intellectual property, personal information and business documents. They hold companies to ransom and blackmail executive teams. In too many cases, their activities go unpunished, which in turn only entices them to be more aggressive.
For most Australian organisations, the cost of reverse-engineering malware, tracking attack campaigns, performing structured intelligence analysis and deanonymizing threat actors is too high. The business case for these investments is not properly understood and thus is not acted on by business leaders.
One of the most effective ways to detect advanced adversaries is by making a copy of every piece of software that executes in your network for a certified security analyst to analyse. Adversaries may go undetected for months or years, but if we have a copy of their malware, then we are guaranteed to find them.
One malware sample leads us to another and another until all their toolkits are identified. At that point, detections may be written, law enforcement may be notified, and solutions may be put in place that will make it incredibly difficult for the adversaries to reuse the same tools and tactics to regain access to a network or compromise somebody else.
In some cases, it may be possible to get the adversaries arrested and put an end to their activities once and for all.
This process is called Threat Research and it takes hundreds of man-hours from trained security analysts to perform.
Organisations that see the high value of our offer and who are keen to participate must upload executables seen in their networks into our datacentre in order for Mossé Security to perform threat hunting and research.
Some of the partners who have already onboarded to participate in this service use it in the following ways:
Mossé Security delivers numerous paid threat hunting exercises and breach assessments per year for customers that want to receive dedicated worktime from our security analysts for due diligence, risk mitigation and incident response purposes.
Our reasons for offering such a valuable service at no charge are quite simple. Firstly, many organisations that hesitate to invest in consistent threat research generally underestimate the crucial value of what they can save themselves from. Secondly, we can share our threat detections across organisations, reduce the cost of expert security services, and deliver a service that can benefit thousands of organisations nationwide.
The file extensions that we scan for are:
".acm", ".ax", ".cpl", ".dll", ".drv", ".efi", ".exe", ".mui", ".ocx", ".scr", ".sys", ".tsp", ".vbs", ".ps1", ".bat", ".js", ".vb", ".vbe", ".wsc", ".wsf", ".wsh", ".psd1", ".psm1", ".ps1xml", ".clixml", ".psc1", ".pssc", ".dump", ".www", ".ct", ".lnk", ".hta", ".crt", ".msc", ".bas", ".cmd", ".com", ".chm", ".tmp", ".jse", ".psc2", ".ps2xml", ".inf", ".pif", ".application", ".gadget", ".ws", ".msh", ".msh1", ".msh2", ".mshxml", ".msh1xml", ".msh2xml", ".reg"
We also give you direct access to our API along with its documentation so that you may write your own upload tool if ours doesn’t meet your requirements.
Our tool is provided with full source code access under the GPLv3 licence.
Uploading suspicious files to Virus Total (VT) is not recommended by us as a course of action against threats:
Virus Total could potentially be a good tool for security analysts who have received formal training in interpreting the tool’s output properly. Laypeople would do well to avoid basing any major security decisions on this tool’s output.
Mossé Security does not sell the results of its research.
Neither do we share our YARA rules, or the C2 domain names we’ve identified, or the MD5 hashes, or any newly identified malware techniques with third-party vendors.