{ "name": "Malware Analysis - Accelerating Analysis When It Matters", "slug": "malware-analysis-accelerating-analysis-when-it-matters", "description": "This report provides information on how security professionals can expedite the analysis of multiple malware samples. By utilizing automated techniques, such as malware configuration parsing, analysts can quickly determine malware families, extract network indicators, and enhance detection and response capabilities. The report highlights a case study where this approach was applied to a set of samples related to cyberattacks targeting Ukrainian entities, facilitating a rapid and effective response.", "published": "2024-07-24T14:57:19+00:00", "created_at": "2024-07-24T14:57:19+00:00", "modified_at": "2024-07-24T15:16:04+00:00", "created_at_opencti": "2024-07-24T14:57:19+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-07-24", "malware analysis" ], "related_entities": { "observables": [ { "id": "", "name": "5.42.64.67" }, { "id": "", "name": "177.105.132.70" }, { "id": "", "name": "177.105.132.124" }, { "id": "", "name": "142.132.232.235" }, { "id": "", "name": "128.140.69.37" }, { "id": "", "name": "82.147.85.205" }, { "id": "", "name": "77.105.132.70" }, { "id": "", "name": "reviveincapablewew.pw" }, { "id": "", "name": "ratefacilityframw.fun" }, { "id": "", "name": "pinkipinevazzey.pw" }, { "id": "", "name": "neighborhoodfeelsa.fun" }, { "id": "", "name": "diagramfiremonkeyowwa.fun" }, { "id": "", "name": "dayfarrichjwclik.fun" }, { "id": "", "name": "cakecoldsplurgrewe.pw" }, { "id": "", "name": "assaultseekwoodywod.pw" }, { "id": "", "name": "politefrightenpowoa.pw" }, { "id": "", "name": "opposesicknessopw.pw" }, { "id": "", "name": "chincenterblandwka.pw" }, { "id": "", "name": "e8af36287e2270581fd5f2d28c6e0b83b337f58d430554d28dbf55d2ca09fcca" }, { "id": "", "name": "e20124da608445d9df1c71b1ad3530331a86b773b0b2f6a43ad32ec3d061a297" }, { "id": "", "name": "d69fe5cb1ded3aaa9a8b64824d820a72da0a1d43c9298cfcb5072f0060aefb8c" }, { "id": "", "name": "5b8e99a46d7c077152ef954e74a2ff1ad3de0adb34aa0b96f6f02fa60426d12f" }, { "id": "", "name": "564d742044e5ac9f6279c01c5c29bb801606b63c6c2cbfc2af09d8f2a73b84a6" }, { "id": "", "name": "504a6b8ce51c3be7de7e74c98c6da3fe12b186f634c441b43fa21f3350b7f1a3" }, { "id": "", "name": "50351b1ff64cd2e8d799f5153ff853a650e8782c49f241a123c8779ff3fa2a3d" }, { "id": "", "name": "101b9564ba11aa44372b37b1143eac0d5dd1e3f38c6a35517de843b9f23b3704" }, { "id": "", "name": "09df06e192569b671d8f4b7587a5ba184392e80195968d0e4f1ab0c21de65c5e" }, { "id": "", "name": "04ec79fb6e3260c8db46aea8e5cc6a42ad6e2af1c7c0cf46866a06b4acb98bae" } ], "malware": [ { "id": "legacy:malware:dd369e6fb3bc8de4", "name": "Vidar Stealer", "slug": "vidar-stealer" }, { "id": "legacy:malware:be12e6fe16bcaff2", "name": "Remcos RAT", "slug": "remcos-rat" }, { "id": "legacy:malware:e887974363cd7a08", "name": "Lumma Stealer", "slug": "lumma-stealer" }, { "id": "legacy:malware:4fb27ba81f35c28e", "name": "Redline Stealer", "slug": "redline-stealer" }, { "id": "legacy:malware:f0c21a09297a0fa6", "name": "Quasar RAT", "slug": "quasar-rat" } ], "attack_patterns": [ { "id": "7da151b8-315c-4726-be18-0b571f2760c2", "name": "T1559.001" }, { "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2", "name": "T1059.007" }, { "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f", "name": "T1071.001" }, { "id": "d9f271ed-7685-4362-b90d-f16a14102f39", "name": "T1489" }, { "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1", "name": "T1486" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "c12e0e03-aab0-4646-a929-e921a3d27f02", "name": "T1219" } ] }, "external_refs": [ "https://unit42.paloaltonetworks.com/accelerating-malware-analysis/", "https://otx.alienvault.com/pulse/66a1326f35a681fdd41b1424" ] }