Spectra Intelligence Detection Rate

Hashes are a fragile identification method: a known file with even one extra byte immediately becomes an unknown hash. For threat identification, it helps to have the actual binaries available, since these allow a precise classification and detection rather than an exact-match lookup.
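The fragility described above can be shown directly. The following is an added illustration and is not code from this documentation or from ReversingLabs; the sample bytes and the in-memory "known hashes" set are constructed here to stand in for a file that an intelligence service has already classified. It shows that a hash-only lookup finds the original file but misses a variant that differs by a single trailing byte, because none of its digests (MD5, SHA1, SHA256) survive the change.

```python
import hashlib

# Constructed sample standing in for a file already known to a hash-based
# intelligence service (hypothetical bytes, not a real sample).
KNOWN_FILE = b"MZ\x90\x00" + b"example-binary-body" * 8


def digests(data: bytes) -> dict:
    """Return the file hashes a report typically carries for `data`."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# A hash-keyed knowledge base, as a hash-only lookup would hold it.
KNOWN_HASHES = set(digests(KNOWN_FILE).values())


def is_known(data: bytes, known=KNOWN_HASHES) -> bool:
    """Hash-only identification: 'known' only on an exact digest match."""
    return any(h in known for h in digests(data).values())


def append_byte(data: bytes, extra: bytes = b"\x00") -> bytes:
    """Produce a variant that differs from `data` by one trailing byte."""
    return data + extra


def shared_hashes(a: bytes, b: bytes) -> int:
    """Count digests that two files have in common (expected: 0 if any byte differs)."""
    return len(set(digests(a).values()) & set(digests(b).values()))


def demo() -> dict:
    """Compare a known file with a one-byte-longer variant under hash-only lookup."""
    original = KNOWN_FILE
    variant = append_byte(original)
    return {
        "original_known": is_known(original),   # True: exact match
        "variant_known": is_known(variant),     # False: every digest changed
        "extra_bytes": len(variant) - len(original),
        "hashes_shared": shared_hashes(original, variant),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a report, the variant would surface as an unknown hash even though it is functionally the same file; submitting the binary itself, rather than only its hash, is what lets a classification engine recognise it.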

A large set of unknown hashes in your reports typically stems from one or more of the following reasons:

  1. Polymorphic malware - Hash-unique file variants seen only in a specific environment.

  2. Internally generated files - Files created within your organization and not shared with ReversingLabs or made publicly available (e.g., Red Team tools or custom test files).

  3. Private or embargoed threat intel - Some hashes originate from APT reports or blog posts where the corresponding binaries are not shared.

  4. Spectra Intelligence unavailability - If the daily query limit is exceeded or there are network/connectivity issues between Spectra Detect and Spectra Intelligence, reports may lack Spectra Intelligence data. This can lead to false negatives if Spectra Core doesn’t flag the file but Spectra Intelligence would have.

  5. Misconfiguration or insufficient permissions - If Spectra Intelligence isn't properly configured, or if the account lacks access to necessary APIs, detection data will be missing from reports.