Malpedia: A Collaborative Effort to Inventorize the Malware Landscape Daniel Plohmann @push_pnx
[email protected] 2017-12-07 | Botconf, Montpellier Martin Clauß martin.clauß@fkie.fraunhofer.de Steffen Enders
[email protected] Elmar Padilla
[email protected] 1 © Cyber Analysis and Defense Department, Fraunhofer FKIE $whoami Daniel Plohmann Security Researcher @ Fraunhofer (Europe‘s largest organisation for applied research) Research Scope: Malware Analysis Reverse Engineering Automation 2 © Cyber Analysis and Defense Department, Fraunhofer FKIE Outline Summary Motivation (or: how it began) Approach The Malpedia Corpus & Platform A Comparative Structural Analysis of Windows Malware Future Plans / Conclusion 3 © Cyber Analysis and Defense Department, Fraunhofer FKIE Summary 4 © Cyber Analysis and Defense Department, Fraunhofer FKIE Summary TL;DR What is Malpedia? A free, independent, pooled resource for confidently labeled, unpacked reference samples for malware families and versions Meta data tracker for info such as references (analysis reports, blogs, …), YARA rules, actors, tied to these families Status (2017-12-01): 2491 samples for 669 families, multi-platform (WIN, ELF, APK, OSX, …) Our Contributions Definition of requirements for malware corpora and a reference corpus + platform implementing these A Comprehensive, quantitative static analysis of structural features for 446 Windows malware families 5 © Cyber Analysis and Defense Department, Fraunhofer FKIE Motivation … or