Dridex: Analysis of the traffic and automatic generation of IOCs

- Rudman, Lauren, Irwin, Barry V W

Title
Dridex: Analysis of the traffic and automatic generation of IOCs
Creator
Rudman, Lauren, Irwin, Barry V W
Subject
To be catalogued
Date
2016
Type
text
Type
article
Identifier
http://hdl.handle.net/10962/429525
Identifier
vital:72619
Identifier
https://ieeexplore.ieee.org/abstract/document/7802932
Description
In this paper we present a framework that generates network Indicators of Compromise (IOC) automatically from a malware sample after dynamic runtime analysis. The framework addresses the limitations of manual Indicator of Compromise generation and utilises sandbox environment to perform the malware analysis in. We focus on the generation of network based IOCs from captured traffic files (PCAPs) generated by the dynamic malware analysis. The Cuckoo Sandbox environment is used for the analysis and the setup is described in detail. Accordingly, we discuss the concept of IOCs and the popular formats used as there is currently no standard. As an example of how the proof-of-concept framework can be used, we chose 100 Dridex malware samples and evaluated the traffic and showed what can be used for the generation of network-based IOCs. Results of our system confirm that we can create IOCs from dynamic malware analysis and avoid the legitimate background traffic originating from the sandbox system. We also briefly discuss the sharing of, and application of the generated IOCs and the number of systems that can be used to share them. Lastly we discuss how they can be useful in combating cyber threats.
Format
7 pages, pdf
Language
English
Relation
Information Security for South Africa (ISSA), Rudman, L. and Irwin, B., 2016, August. Dridex: Analysis of the traffic and automatic generation of IOCs. In 2016 Information Security for South Africa (ISSA) (pp. 77-84). IEEE, Information Security for South Africa (ISSA) volume 2016 number 1 77 84 2018 1991-1696
Rights
Publisher
Rights
Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
  • Hits: 334
  • Visitors: 337
  • Downloads: 6

Collections

Irwin, Barry V W (Prof)
RU Department of Computer Science
SDG 09. Industry, Innovation and Infrastructure
Thumbnail File Description Size Format
SOURCE1 Dridex.pdf 691 KB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact