Page 1
Malware Analysis System empowering LE Cybercrime Investigation Division, SPO
Page 2
Malware Analysis System, THEMIS
The
Hacking
Evidence
Malware
Investigation
System
Page 3
Background
Prevalence of Malware Crimes
Limited Expertise & Workforce
Losing Connections
Page 4
Goals
1 Automate & Normalize Analysis
2 Trace & Monitor Criminals
3 Comprehensive Management of Malware Information
Page 5
System Concept
• Collection
• Analysis
• Correlation & Trace
Malware Life-Cycle based Operation
DataBase
Page 6
1 Collection (internal input + external resources)
Mechanism
Page 7
2 Analysis
STATIC
DYNAMIC
PE Structure, Hash, Ssdeep, Strings, Decompiling, class/methods info.. Provider, Receiver, Service, Permission, SMS/CALL
File/Registry/Network/Process Event Monitoring
Network Resource
IP, E-Mail, Name
Mechanism
Page 8
3 Correlation & Trace
Malware Distribution Site
Malware Download
DNS Record
IP
Domain
MD5/SHA2
Compiler Information
Packing Info
File Creation Time
Digital Signature
IAT/EAT TimeDateStamp
EOP
File Size
PE Section
File Information
File Name
Entropy
Resource Section
C&C Server
Information Leakage Sites
File Access/Creation/Edition/Delete
Registry Access/Creation/Edition/Delete
Network Communication
Autorun
Name Server
Anti Virus
Antivirus Signature
Engine Version
Related Process/DLL
API
Registrant
CNAME
E-mail
Whois History
File Type
File Version
PTR
IP2Location
User
PE Header
Malicious Behavior
Mechanism
Page 9
3 Correlation & Trace
Mechanism
Page 10
3 Correlation & Trace
Mechanism
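As an added illustration of the static attributes the slides list (MD5/SHA2, IAT/EAT TimeDateStamp, PE Section, Entropy, File Size) and of the Correlation & Trace step that links samples sharing them, the following Python is example code written for this page and not part of THEMIS; the minimal PE images it builds are constructed test data, and the attribute names and the `correlate` grouping rule are my own choice.

```python
import hashlib
import math
import struct
from collections import Counter, defaultdict


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (high values suggest packing/encryption)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_features(data: bytes) -> dict:
    """Static attributes of a PE image: hashes, COFF TimeDateStamp, sections, size, entropy."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _machine, nsec, tstamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_off = e_lfanew + 24 + opt_size  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, _vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), raw_size))
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "timestamp": tstamp, "sections": tuple(sections),
            "size": len(data), "entropy": round(entropy(data), 2)}


def correlate(samples: dict, keys=("timestamp", "sections")) -> dict:
    """Trace step: {(attribute, value): [sample names]} for values shared by >1 sample."""
    groups = defaultdict(set)
    for name, feats in samples.items():
        for k in keys:
            groups[(k, feats[k])].add(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def build_sample_pe(tstamp: int, section_names, payload: bytes) -> bytes:
    """Constructed minimal PE header for the demo; not a real or working binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   tstamp, 0, 0, 0, 0x102)  # no optional header
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), len(payload), 0x1000,
                                len(payload), 0, 0, 0, 0, 0, 0x60000020)
                    for n in section_names)
    return dos + coff + hdrs + payload
```

Two samples with different hashes but the same compile timestamp and section layout end up in the same group, which is the kind of link that lets an investigator tie separate submissions to one toolchain or actor.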
Page 11
Results
1 Speed up Initial Investigation
2 See the Criminal Rings
3 Facilitate Collaboration
Page 12
Case I
System Intrusion
to a major company
Analyze 41 malicious files, identify 10 C&C servers
Monitor the C&Cs changing their IPs
Seize a C&C, identify additional victims
Page 13
Case II
Cyber Threat
on a nuclear power
plant operator
Analyze more than 10,000 EML files
Detach 5,986 malicious files from the emails
Analyze the malicious files, clarify the function
1 day
Page 14
Malware Analysis System empowering LE Cybercrime Investigation Division, SPO