Title of invention: Systems and methods for automated malware artifact retrieval and analysis
Abstract: An automated malware analysis method is disclosed which can perform receiving a first universal resource locator identifying a first intermediate network node, accessing the first intermediate network node to retrieve a first malware artifact file, storing the malware artifact file in a data storage device, analyzing the malware artifact file to identify a second universal resource locator within the malware artifact file, and accessing a second intermediate network node to retrieve a second malware artifact file.
Publication number: US8850585(B2) Publication date: 2014.09.30
Application number: US201213607789 Filing date: 2012.09.09
Applicant: Cyber Engineering Services, Inc. Inventors: Bojaxhi Hermes; Drissel Joseph; Raygoza Daniel
Classification: H04L29/06; G06F21/55 Main classification: H04L29/06
Agency: CipherLaw Agent: CipherLaw
Main claim: 1. A computerized method for automatically intercepting communications passing through a command and control node, comprising: receiving a target resource identifier, the target resource identifier specifying: an address for a command and control node; and a location of a malware artifact electronically stored at the command and control node, wherein the malware artifact comprises a command or data being exchanged between an attacker computing device and a victim computing device; receiving the malware artifact at an analyzer device separate from the command and control node and the victim computing device; determining whether the malware artifact is at least partially obfuscated; decoding the malware artifact to reverse at least one obfuscating transformation if the malware artifact is at least partially obfuscated; storing the malware artifact in an electronic data store; and analyzing the decoded malware artifact at the analyzer device to determine whether it contains a command or data stored therein.
Address: Columbia MD US