Getting Started
Welcome to Mallory, a platform designed to help you stay ahead of emerging cybersecurity threats. Mallory offers valuable features to support Cyber Threat Intelligence (CTI), Security Operations (SOC) and Risk Management (VM, CTEM, GRC) needs.
What to Expect
Mallory provides the following core features:
Chat – A contextualized conversational interface that allows analysts to query, explore, and reason over Mallory’s intelligence data. It understands entities, relationships, and recent activity, enabling rapid investigation and insight generation through natural dialogue.
Current Events – A curated overview of the latest threats and vulnerabilities sourced from open intelligence, analyzed, and summarized to enable easy consumption and operationalization.
Threat Entities – A Rosetta Stone and encyclopedia of known threat actors, malware, vulnerabilities, and other entity types, including detailed information about actor tactics and related intelligence.
Threat Indicators – A feed of known activity related to observable suspicious or malicious behavior discovered on the internet.
We are actively developing additional features to enhance Mallory’s capabilities, so stay tuned for updates!
Understanding Key Concepts
To make the most of Mallory, it's helpful to understand the core concepts that power its intelligence capabilities. You can explore these in detail on the Concepts Page, but here’s a brief overview:
Foundational Concepts – Mallory ingests and processes Open Source Intelligence (OSINT) at scale, transforming vast amounts of publicly available data into structured, actionable intelligence. Mallory collects thousands of blog posts, advisories, and reports daily, automatically extracting entities and relationships from each.
Sources – Data is collected from a wide range of open and technical sources, including threat reports, advisories, security blogs, paste sites, malware repositories, and social platforms.
- Example: A Microsoft blog, a VirusTotal feed, or a tweetstream from a security researcher can all serve as source material.
References & Content Chunks – Each source is stored as a Reference containing one or more Content Chunks. These chunks are automatically analyzed to extract entities, relationships, and insights — revealing the deeper context behind what’s being reported.
- Example: A single reference (e.g., a blog post) may contain multiple content chunks covering different malware families, campaigns, or IOCs.
Mentions – Mentions create links between Entities and the References that discuss them. This enables Mallory to trace where, when, and how entities are discussed across the intelligence landscape.
- Example: If “APT29” and “Sogu malware” appear in the same article, Mallory records that both entities were mentioned in that reference.
Entities – Entities represent core objects in the threat ecosystem, such as malware, ransomware, threat actors, vulnerabilities, campaigns, and organizations. Mallory continuously updates these entities with the latest verified intelligence and relationships.
- Example: The “LockBit” ransomware entity includes its aliases, associated campaigns, targeted industries, and related IOCs.
Indicators – Indicators represent observable evidence of potential malicious activity — such as IP addresses, domains, file hashes, URLs, and email addresses. Mallory aggregates and enriches these observables from multiple sources, correlating them with related entities (e.g., malware families or threat actors) and tracking their activity over time. This enables analysts to pivot from high-level intelligence to concrete technical artifacts for detection, hunting, and response.
- Example: A file hash tied to a QakBot campaign may link to known C2 IPs, observed phishing domains, and recent detection activity.
Next Steps
Now that you’re familiar with Mallory’s concepts at a high level, here’s what you can do next:
Gain a deeper understanding of how Mallory operates under the hood in the Concepts section.
Check Current Events – Get the latest threat intelligence updates.
Browse the Intelligence – Search for entities relevant to your needs.
