Publicação
Malware hash cloud
| Resumo: | Nowadays, any system on the internet can be a target of cyber-attacks. Many of these attacks, including malware installation, have some specific indicators designated IOCs (Indicators of Compromise) that can be used to detect the same attack on other systems (e.g., hash of a malicious file). The objective of this project is to build a solution that collects and analyse these IOC’s. The first stage of the solution was to research and collect open sources of information (OSINT - Open Source Intelligence), with IOCs related to malware, and also the malware itself. This information was submitted, in turn, to a management and analysis framework designated by Viper, which allows better organization of the information about crucial aspects in a cyber-security research program. In a second phase, some additional modules, designated by bots, were developed, using the IntelMQ platform (responsible for the automatization of the correlation of the information)". These bots allow us to collect and correlate the information previously collected in Viper, with online platforms (via API access) that have additional information, like the creation date of a malicious domain available in Whois service. Finally, all the information collected from a IOC during the process is stored in a database that is a central point for blacklists generation, that can be used for perimeter protection (e.g. firewall) of an organization, and also for the support in security incident analysis. |
|---|---|
| Autores principais: | Ferreira, Paulo |
| Outros Autores: | Gonçalo, Rui; Pedrosa, Tiago |
| Assunto: | IOC OSINT Malware Cybersecurity Infosec |
| Ano: | 2017 |
| País: | Portugal |
| Tipo de documento: | documento de conferência |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Instituto Politécnico de Bragança |
| Idioma: | inglês |
| Origem: | Biblioteca Digital do IPB |
| Resumo: | Nowadays, any system on the internet can be a target of cyber-attacks. Many of these attacks, including malware installation, have some specific indicators designated IOCs (Indicators of Compromise) that can be used to detect the same attack on other systems (e.g., hash of a malicious file). The objective of this project is to build a solution that collects and analyse these IOC’s. The first stage of the solution was to research and collect open sources of information (OSINT - Open Source Intelligence), with IOCs related to malware, and also the malware itself. This information was submitted, in turn, to a management and analysis framework designated by Viper, which allows better organization of the information about crucial aspects in a cyber-security research program. In a second phase, some additional modules, designated by bots, were developed, using the IntelMQ platform (responsible for the automatization of the correlation of the information)". These bots allow us to collect and correlate the information previously collected in Viper, with online platforms (via API access) that have additional information, like the creation date of a malicious domain available in Whois service. Finally, all the information collected from a IOC during the process is stored in a database that is a central point for blacklists generation, that can be used for perimeter protection (e.g. firewall) of an organization, and also for the support in security incident analysis. |
|---|