
Empowering Malware Analysis Systems for Cybercrime Investigation
Explore a cutting-edge system that automates malware analysis, traces criminals, and enhances collaboration in cybercrime investigations. Discover how this system accelerates initial investigations, identifies criminal networks, and fosters teamwork.
Presentation Transcript
Malware Analysis System empowering LE (law enforcement). Cybercrime Investigation Division, SPO
Malware Analysis System: THEMIS (The Hacking Evidence Malware Investigation System)
Background: prevalence of malware crimes; limited expertise and workforce; losing connections between related cases
Goals: 1. Automate and normalize analysis. 2. Trace and monitor criminals. 3. Comprehensive management of malware information.
System concept: Collection, Analysis, Correlation & Trace
Mechanism 1: Collection (internal input + external resources)
Mechanism 2: Analysis
Static: PE structure, hash, ssdeep, strings; decompiling, class/method info
Dynamic: file/registry/network/process event monitoring; Provider, Receiver, Service, Permission, SMS/CALL
Network resource: IP, e-mail, name
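The static part of the analysis step above (PE structure, hashes, strings, entropy as a packing indicator, compile timestamp) can be shown end to end on a small hand-built PE32 image. This is an added example written for this page, not THEMIS code: the sample image, its section names, the C&C-looking string and the 7.0-bit entropy threshold for "likely packed" are all constructed assumptions, and ssdeep, decompiling and IAT/EAT parsing from the slide are left out.

```python
import hashlib
import math
import re
import struct
from collections import Counter
from datetime import datetime, timezone


def build_sample_pe() -> bytes:
    """Build a minimal, hand-constructed PE32 image (not a real malware sample).

    Layout: 64-byte DOS header with e_lfanew=0x40, "PE\\0\\0", COFF header,
    PE32 optional header zero-padded to 0xE0 bytes, two section headers, and
    the raw section data starting at file offset 0x200.
    """
    timestamp = 1405411200  # assumed compile time: 2014-07-15 08:00:00 UTC
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)
    # Machine (i386), NumberOfSections, TimeDateStamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader, Characteristics (executable image, 32-bit)
    coff = struct.pack("<HHIIIHH", 0x014C, 2, timestamp, 0, 0, 0xE0, 0x0102)
    # Magic (PE32), linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint; remainder zero-padded.
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0x200, 0x200, 0, 0x1000)
    opt += b"\x00" * (0xE0 - len(opt))
    text = b"\x55\x8b\xec" + b"http://c2.example.invalid/gate.php\x00"
    text += b"\x00" * (0x200 - len(text))
    # Deterministic pseudo-random bytes stand in for a packed/encrypted section.
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # reloc ptr, linenumber ptr, nrelocs, nlinenumbers, Characteristics
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = dos + b"PE\x00\x00" + coff + opt + sec
    headers += b"\x00" * (0x200 - len(headers))
    return headers + text + packed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, near 8.0 for packed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable ASCII runs of at least min_len bytes, like the classic `strings` tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def analyze_pe(data: bytes) -> dict:
    """Parse the DOS/PE headers and return the static features an analyst would record."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        # Only the first 24 bytes of each 40-byte section header are needed here.
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt_off + opt_size + 40 * i)
        raw = data[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "vaddr": vaddr,
            "vsize": vsize,
            "entropy": round(shannon_entropy(raw), 2),
            "contains_entry": vaddr <= entry < vaddr + max(vsize, rsize),
        })
    # Packing heuristic (assumption of this example): a high-entropy section or a UPX-style name.
    suspicious = [s["name"] for s in sections if s["entropy"] > 7.0 or s["name"].upper().startswith("UPX")]
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": hex(machine),
        "timedatestamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "entry_point": hex(entry),
        "sections": sections,
        "likely_packed": bool(suspicious),
        "strings": extract_strings(data),
    }


if __name__ == "__main__":
    report = analyze_pe(build_sample_pe())
    for key in ("sha256", "timedatestamp", "entry_point", "likely_packed"):
        print(f"{key}: {report[key]}")
    for s in report["sections"]:
        print(f"  {s['name']:<8} rva={s['vaddr']:#x} entropy={s['entropy']} entry={s['contains_entry']}")
```

The entry-point check tells you which section execution starts in; an entry point inside a high-entropy section is the usual signature of a packer stub, which is why the slide lists EOP, entropy and packing info side by side.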
Mechanism 3: Correlation & Trace. Attributes correlated across samples and cases:
Anti Virus: antivirus signature, engine version
File Information: file name, file size, file type, file version, MD5/SHA2, file creation time, digital signature, packing info, compiler information
PE Header: PE section, IAT/EAT, EOP (entry point), TimeDateStamp, entropy, resource section
Malicious Behavior: file access/creation/edit/delete, registry access/creation/edit/delete, API, related process/DLL, autorun, network communication, malware download, information leakage sites
Network and registration: malware distribution site, C&C server, domain, IP, user IP, IP2Location, DNS record (name server, CNAME, PTR), Whois history, registrant, e-mail
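The correlation step is what turns a pile of samples into the "criminal rings" the results slide talks about: samples that share a C&C server, a Whois registrant e-mail, a distribution site, or a combination of weaker build artefacts (TimeDateStamp, import hash, compiler) are linked, and connected components of that graph are candidate rings. The following is an added example for this page, not THEMIS's own logic; the sample records, the indicator kinds, and the rule "one strong indicator or two weak ones links two samples" are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Indicator kinds and their weight (assumption of this example, not a documented THEMIS rule):
# sharing one strong indicator, or two or more weak ones, links two samples.
STRONG = ("c2_server", "registrant_email", "distribution_site")
WEAK = ("timedatestamp", "iat_hash", "compiler")

# Constructed sample records: hypothetical hash labels and .invalid hostnames.
SAMPLES = [
    {"md5": "s1", "c2_server": ["gate.c2-one.invalid"], "registrant_email": ["reg-a@mail.invalid"],
     "timedatestamp": 1405411200, "iat_hash": "iat-aa", "compiler": "msvc9"},
    {"md5": "s2", "c2_server": ["gate.c2-one.invalid"], "timedatestamp": 1405411200},
    {"md5": "s3", "c2_server": ["cdn.c2-two.invalid"], "registrant_email": ["reg-a@mail.invalid"]},
    {"md5": "s4", "timedatestamp": 1405411200, "iat_hash": "iat-aa", "compiler": "gcc"},
    {"md5": "s5", "c2_server": ["drop.other.invalid"], "timedatestamp": 1420000000, "compiler": "msvc9"},
    {"md5": "s6", "c2_server": ["drop.other.invalid"]},
]


def _values(sample: dict, kind: str) -> set:
    """Normalise a scalar or list-valued attribute to a set of values."""
    v = sample.get(kind)
    if v is None:
        return set()
    return set(v) if isinstance(v, (list, set, tuple)) else {v}


def shared_indicators(a: dict, b: dict) -> dict:
    """Indicator kind -> sorted values that both samples have in common."""
    shared = {}
    for kind in STRONG + WEAK:
        common = _values(a, kind) & _values(b, kind)
        if common:
            shared[kind] = sorted(common)
    return shared


def is_linked(shared: dict) -> bool:
    return any(k in STRONG for k in shared) or sum(k in WEAK for k in shared) >= 2


def correlate(samples: list) -> tuple:
    """Union-find over pairwise links; returns (rings, edges).

    rings: sorted list of sorted md5 lists, one per connected component
    edges: (md5_a, md5_b, shared_indicators) for every link, i.e. the evidence for each ring
    """
    parent = {s["md5"]: s["md5"] for s in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    edges = []
    for a, b in combinations(samples, 2):
        shared = shared_indicators(a, b)
        if is_linked(shared):
            edges.append((a["md5"], b["md5"], shared))
            parent[find(a["md5"])] = find(b["md5"])
    rings = defaultdict(list)
    for s in samples:
        rings[find(s["md5"])].append(s["md5"])
    return sorted(sorted(r) for r in rings.values()), edges


def pivot(samples: list, kind: str) -> dict:
    """Index indicator value -> sample hashes, e.g. every sample that talked to a given C&C."""
    index = defaultdict(list)
    for s in samples:
        for v in _values(s, kind):
            index[v].append(s["md5"])
    return dict(index)


if __name__ == "__main__":
    rings, edges = correlate(SAMPLES)
    for ring in rings:
        print("ring:", ", ".join(ring))
    for a, b, shared in edges:
        print(f"  {a} <-> {b} via {shared}")
    print("C&C pivot:", pivot(SAMPLES, "c2_server"))
```

Keeping the edges (not just the components) matters for investigation: the shared indicators are the evidence an analyst cites when asserting that two intrusions belong to one ring, and a weak-only link such as a shared TimeDateStamp plus import hash deserves more scrutiny than a shared C&C server.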
Results: 1. Speed up the initial investigation. 2. See the criminal rings. 3. Facilitate collaboration.
Case I: System intrusion into a major company. Analyzed 41 malicious files and identified 10 C&C servers; monitored the C&Cs as they changed their IPs; seized a C&C and identified additional victims.
Case II: Cyber threat against a nuclear power plant operator. In one day: analyzed more than 10,000 EML files, detached 5,986 malicious files from the e-mails, analyzed the malicious files and clarified their function.
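The first step of Case II, pulling attachments out of thousands of EML files and deciding which ones need analysis, is mechanical and is where automation pays off. The example below is added for this page and is not THEMIS code: it builds one constructed phishing-style message with four attachments, parses it with Python's standard `email` package, detaches every attachment, hashes it, identifies the real content by magic bytes, and flags executables and attachments whose extension lies about their content. The sender, recipient, filenames, magic-byte table and flagging rules are all assumptions of the example.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Magic bytes -> content kind (table constructed for this example; extend as needed).
MAGIC = {b"MZ": "pe", b"PK\x03\x04": "zip", b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "ole"}
EXEC_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".hta", ".lnk")
# What a benign attachment with this extension should look like inside.
EXT_KIND = {".pdf": "pdf", ".zip": "zip", ".doc": "ole", ".xls": "ole"}


def build_sample_eml() -> bytes:
    """Construct a phishing-style message with four attachments (not a real e-mail)."""
    msg = EmailMessage()
    msg["From"] = "hr@partner.invalid"
    msg["To"] = "ops@plant.invalid"
    msg["Subject"] = "Updated maintenance schedule"
    msg.set_content("Please review the attached schedule.")
    pe_stub = b"MZ" + b"\x90" * 62  # stands in for a Windows executable
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream", filename="schedule.pdf.exe")
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"%PDF-1.4\n%stub\n", maintype="application", subtype="pdf", filename="schedule.pdf")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application", subtype="zip", filename="photos.zip")
    return msg.as_bytes()


def classify(data: bytes) -> str:
    """Content kind by magic bytes, independent of filename and declared MIME type."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def detach_attachments(raw: bytes) -> list[dict]:
    """Parse one EML and return a record per attachment with hashes and triage verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # base64/QP decoded bytes
        name = part.get_filename() or "unnamed"
        lowered = name.lower()
        kind = classify(data)
        reasons = []
        if kind == "pe":
            reasons.append("PE executable content")
        if lowered.endswith(EXEC_EXT):
            reasons.append("executable extension")
        ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
        if ext in EXT_KIND and EXT_KIND[ext] != kind:
            reasons.append(f"extension {ext} does not match content {kind}")
        found.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "kind": kind,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "reasons": reasons,
            "malicious": bool(reasons),
        })
    return found


def triage(raw: bytes) -> tuple:
    """(all attachment records, the subset flagged for malware analysis)."""
    results = detach_attachments(raw)
    return results, [r for r in results if r["malicious"]]


if __name__ == "__main__":
    all_parts, flagged = triage(build_sample_eml())
    print(f"{len(all_parts)} attachments, {len(flagged)} flagged")
    for r in flagged:
        print(f"  {r['filename']} ({r['declared_type']}, {r['kind']}, {r['size']} bytes) "
              f"sha256={r['sha256'][:16]}... reasons={r['reasons']}")
```

Over a mailbox the same function runs per file (`pathlib.Path(...).read_bytes()` for each EML), and the SHA-256 values let the thousands of detached files collapse to the much smaller set of distinct samples that actually need dynamic analysis. Trusting the declared MIME type or the visible extension is the classic mistake here; the magic-byte check catches both the double extension and the PE mislabelled as a PDF.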