The Making of Indicator of Compromise using Malware Reverse Engineering Techniques

Title: The Making of Indicator of Compromise using Malware Reverse Engineering Techniques
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Akram, B., Ogi, D.
Conference Name: 2020 International Conference on ICT for Smart Society (ICISS)
Date Published: Nov. 2020
Publisher: IEEE
ISBN Number: 978-0-7381-4355-2
Keywords: BIOS, Computer architecture, Human Behavior, indicators of compromise, Malware, malware analysis, Malware Threat, Metrics, Packed Malware, pubcrawl, resilience, Resiliency, reverse engineering, Scalability, security, Software, static analysis, Tools
Abstract:

Malware threats often go undetected at first, because attackers can camouflage themselves well within the system. Users typically realize this only after their devices stop working and harm has already been done. One way malware authors evade malicious-content detection is by using packers. Malware analysis is the activity of gaining knowledge about malware. Reverse engineering is a technique used to identify and deal with new viruses or to understand malware behavior. It is therefore a suitable choice for conducting malware analysis, especially for malware protected by packers. The results of the analysis are used as the source for creating indicators of compromise in the YARA rule format. The YARA rule is then used as a component for detecting the malware using the indicators obtained during the analysis process.

URL: https://ieeexplore.ieee.org/document/9307581
DOI: 10.1109/ICISS50791.2020.9307581
Citation Key: akram_making_2020