Underworld runs a malware database which focus on performing automatic analysis of certain types of malware in order to find out what it does. Our goal is not to explore the code of the trojan itself like other research do, but to map and correlate the payload of the trojan.

The malware database uses a cluster of sandboxes in order to analyse the malware and inspect the payload.

This payload is used to warn the company or organization that is under attack and to give them a way to protect themselves.