Corvus: A sandbox and threat intelligence solution for malware analysis and identification
Abstract
In this paper, we introduce Corvus, a web platform for identifying, triaging, and analyzing malware threats. Users can submit unknown PDF, Android, Linux, and Windows files to static, dynamic, and data analysis procedures. The resulting data is reported in tables and dynamic graphs, and can be exported in formats suitable for use by security incident response teams. Available at https://corvus.inf.ufpr.br/.
