This document describes the NSA's way of dealing with adversarie's malware. Their strategy relies on their advanced SIGINT capabilities to ease the process of discovering emerging threats actors and software. After analysis, tailored countermeasures are deployed on the network to work against the malware plans. They use their SIGINT infrastructure finally deploy the counter attack, which can be for example interception, denial or substitution of the requests that would have otherwise delivered the malware.