
Lightweight Python-Based Malware Analysis Pipeline

Lightweight Python-Based Malware Analysis Pipeline (PDF, 6.95MB)
Published: 09 Feb, 2023
Created by
Marco Gfeller

Sharing threat information, in the form of Indicators of Compromise (IOCs) and the Tactics, Techniques, and Procedures (TTPs) used by threat actors, improves an organization's cyber security: shared indicators can be fed directly into the controls that monitor and protect its network. The Malware Information Sharing Platform (MISP, 2022), initially developed by the Belgian CERT and the NATO CERT, is the widely adopted open-source platform for sharing such information across the cyber security community. To contribute new IOCs rather than only consume them, an organization needs an automated way to analyze suspicious binaries, extract high-value indicators from them, and share the result.

This research paper presents a custom-built Malware Analysis Pipeline tool that automatically analyzes potentially malicious email attachments. Each attachment passes through a plugin-based Python pipeline and is submitted to several sandboxes. The information gained from the sandboxes and their reports is then shared in MISP as indicators. In addition, the binaries themselves are submitted to MalwareBazaar (MalwareBazaar, 2022), the free malware-sharing platform run by abuse.ch.
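To make the plugin-based design concrete, here is a small added example (written for this page, not code from the paper or its tool) of the core pattern: a sample is handed to a list of plugins, each plugin returns indicators, and the pipeline assembles them into a MISP event body in the JSON shape that MISP's REST API and PyMISP accept. The two plugins (file hashes and embedded URLs), the plugin interface, the `Sample`/`Indicator` types and the attachment bytes are all constructed for the example; the URL uses the documentation address range 198.51.100.0/24. Sandbox submission and the MalwareBazaar upload are network steps the paper's tool performs and are deliberately left out so the example runs offline.

```python
"""Added example: a minimal plugin-based malware analysis pipeline that
turns an e-mail attachment into MISP-style indicators.  Not the paper's
code; the Sample/Indicator types and both plugins are illustrative."""
import hashlib
import json
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Sample:
    filename: str
    data: bytes


@dataclass
class Indicator:
    misp_type: str       # a MISP attribute type, e.g. "sha256", "url"
    value: str
    to_ids: bool = True  # True = usable for detection/blocking, not only context


class Plugin:
    """Plugin interface (assumed): inspect a sample, return indicators."""
    name = "base"

    def run(self, sample: Sample) -> List[Indicator]:
        raise NotImplementedError


class HashPlugin(Plugin):
    """Static plugin: file hashes plus descriptive metadata."""
    name = "hashes"

    def run(self, sample: Sample) -> List[Indicator]:
        return [
            Indicator("md5", hashlib.md5(sample.data).hexdigest()),
            Indicator("sha1", hashlib.sha1(sample.data).hexdigest()),
            Indicator("sha256", hashlib.sha256(sample.data).hexdigest()),
            # Filename and size describe the sample but are poor detection
            # keys, so they are marked to_ids=False.
            Indicator("filename", sample.filename, to_ids=False),
            Indicator("size-in-bytes", str(len(sample.data)), to_ids=False),
        ]


class UrlPlugin(Plugin):
    """Static plugin: de-duplicated http(s) URLs found in the raw bytes."""
    name = "urls"
    _URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

    def run(self, sample: Sample) -> List[Indicator]:
        seen, out = set(), []
        for m in self._URL_RE.finditer(sample.data):
            url = m.group(0).decode("ascii", "replace")
            if url not in seen:
                seen.add(url)
                out.append(Indicator("url", url))
        return out


class Pipeline:
    """Runs every registered plugin over a sample and merges the results."""

    def __init__(self, plugins: List[Plugin]):
        self.plugins = list(plugins)

    def analyze(self, sample: Sample) -> List[Indicator]:
        indicators: List[Indicator] = []
        for plugin in self.plugins:
            indicators.extend(plugin.run(sample))
        return indicators


def build_misp_event(info: str, indicators: List[Indicator]) -> dict:
    """Assemble a MISP event body; values for distribution, threat_level_id
    and analysis follow MISP's numeric enumerations."""
    return {"Event": {
        "info": info,
        "distribution": 0,     # 0 = your organisation only
        "threat_level_id": 2,  # 2 = medium
        "analysis": 1,         # 1 = ongoing
        "Attribute": [
            {"type": i.misp_type, "category": "Payload delivery",
             "value": i.value, "to_ids": i.to_ids}
            for i in indicators
        ],
    }}


# Constructed attachment: a fake "invoice" carrying a download URL.
SAMPLE = Sample(
    "invoice_2023.doc",
    b"Subject: Invoice\r\nPlease open http://198.51.100.23/inv/pay.exe now\r\n"
    + b"\x00" * 16,
)


def demo() -> dict:
    """Run the full pipeline over SAMPLE and return the MISP event body."""
    pipeline = Pipeline([HashPlugin(), UrlPlugin()])
    return build_misp_event(f"Mail attachment {SAMPLE.filename}",
                            pipeline.analyze(SAMPLE))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A sandbox plugin fits the same interface: its `run` submits the bytes, polls for the report and maps the report's network and dropped-file observations to `Indicator` objects, so the MISP event assembly stays unchanged. One caveat for anyone reproducing the design: everything uploaded to MalwareBazaar becomes public, so a policy check for attachments that may contain internal data belongs in front of that upload step.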