Скачать или смотреть Lightweight Python-Based Malware Analysis Pipeline

Sharing threat information through Indicators of Compromise (IOC), Tactics, Techniques, and Procedures (TTP) used by threat actors improves cyber security by actively protecting and monitoring an organization's network. The well-known Malware Information Sharing Platform (MISP, 2022), initially developed by the Belgian CERT and NATO CERT, is the ultimate platform to share such information throughout the cyber security community. To generate new IOCs, companies need to have an automated way to analyze suspicious binaries, generate high-value indicators and share them.

LPMAP provides a self-developed Malware Analysis Pipeline tool to analyze potentially malicious email attachments automatically. The attachments run through a plugin-based Python Malware Analysis Pipeline and are sent to various sandboxes. All the information gained by the sandboxes and their reports is then shared in the MISP. Furthermore, all binaries are shared on the free malware-sharing platform MalwareBazaar.abuse.ch.

Timecodes:
0:00 - Introduction
0:16 - Start Python Rich Malware Analysis Pipeline Framework
0:40 - Start Lightweight Python-based Malware Analysis Pipeline
0:53 - Email Plugin
1:33 - Unpack Plugin
2:20 - Joebox Plugin
3:24 - Triage Plugin
4:17 - Yara Plugin
4:49 - PCAP Plugin
5:21 - MalwareBazaar Plugin
5:52 - Statistics Plugin
6:27 - MISP Plugin
7:10 - MISP Event

GitHub Repo: https://github.com/threatcat-ch/malware-an...
Documentation: https://www.sans.org/white-papers/lightwei...

Song: Sappheiros - Dawn (Vlog No Copyright Music)
Music promoted by Vlog No Copyright Music.
Video Link:    • Видео