Cagatay Yucel; Adam Lockett; Ioannis Chalkias; Dimitrios Mallis; Vasilios Katos
Information & Security: An International Journal, vol. 50, no. 1 (2021): 49-65
cyber threat intelligence, dynamic analysis, malware analysis, malware intelligence, static analysis
Malware is the instrument that delivers the decisive blow in cyber-attacks. Malware that is presented for the first time, or that has been updated, can remain undetected and stealthy until the attackers achieve their objectives. Information about malware and its use needs to be shared with other entities that are protecting their infrastructure from the same or similar threats. Malware intelligence can be critical in a rapidly changing threat landscape, allowing entities to respond to incidents in a successful and timely manner. We introduce the Malware Analysis and Intelligence Tool, a tool that uses state-of-the-art malware analysers (static and dynamic), combined with open-source malware databases, to provide a malware signature and an intelligence report collected from publicly available cyber threat intelligence sources. The tool can be used to obtain chronological data for a malicious file and its related vulnerabilities, and to help provide attribution and the techniques, tactics and procedures involved when the file is used in attacks by Advanced Persistent Threat groups.