Malware analysis reverse engineering (MARE) methodology &amp; malware defense (M.D.) timeline

Nguyen, Cory Q.; Goldman, James E.

doi:10.1145/1940941.1940944

Cited by 9 publications

(5 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DCAM is a static malware detection technique using code disassembly to recognize malware variants based on a common core signature with promising results on a set of malware [33]. MARE introduced a four-stage approach covering a structured analysis process that focuses on producing an objective outcome to detect malware followed by isolation and extraction phases, as shown by [34], who introduced the malware behavioral technique, malware reverse engineering, and code analysis. The author in [35] proposed an automated analysis framework to analyze executable behaviors through a synergic combination of malware detection techniques, including using a virtual machine over a sandbox to enhance invisibility.…”

Section: E Methodologies Deployed In Malware Analysismentioning

confidence: 99%

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Nicho¹,

Yadav²,

Singh³

2023

IJACSA

View full text Add to dashboard Cite

The increasing use of powerful evasive ransomware malware in cyber warfare and targeted attacks is a persistent and growing challenge for nations, corporations, and small and medium-sized enterprises. This threat is evidenced by the emergence of the WhisperGate malware in cyber warfare, which targets organizations in Ukraine to render targeted devices inoperable, and the BlackCat malware, which targets large organizations by encrypting files. This paper outlines a practical approach to malware analysis using WhisperGate and BlackCat malware as samples. It subjects them to heuristic-based analysis techniques, including a combination of static, dynamic, hybrid, and memory analysis. Specifically, 12 tools and techniques were selected and deployed to reveal the malware's innovative stealth and evasion capabilities. This methodology shows what techniques can be applied to analyze critical malware and differentiate samples that are variations of known threats. The paper presents currently available tools and their underlying approaches to performing automated dynamic analysis on potentially malicious software. The study thus demonstrates a practical approach to carrying out malware analysis to understand cybercriminals' behavior, techniques, and tactics.

show abstract

Section: E Methodologies Deployed In Malware Analysismentioning

confidence: 99%

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Nicho¹,

Yadav²,

Singh³

2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…While headers contain information about the program itself and data to be read by the OS in order to correctly load and execute the file, sections contain the actual code and data of the program. Figure 1 shows the methodology used to analyze the sample, partially based on previous works [70,71]. We depict each step (gray, rounded rectangle) and the tools used (inside each rectangles).…”

Section: Ransomware Analysismentioning

confidence: 99%

Avaddon ransomware: An in-depth analysis and decryption of infected systems

Yuste

Pastrana

2021

Computers & Security

View full text Add to dashboard Cite

“…Until the dawn of the second decade of the 21 st century, there weren't any structured methodologies available for MA. MARE [5] was created to fill that gap. The researchers of MARE developed a Malware Defense (M.D.)…”

Section: Mare (Malware Analysis Reverse Engineering)mentioning

confidence: 99%

“…As one more of the countless problems faced, it needs a methodology developed to tackle it. There were no structured methodologies developed until 2010 when the MARE methodology (Malware Analysis Reverse Engineering) [5] was presented. This can be considered the only available methodology and go to solution until recent days.…”

Section: Introductionmentioning

confidence: 99%

Comparative Review of Malware Analysis Methodologies

Kiachidis¹,

Baltatzis²

2021

IJNSA

View full text Add to dashboard Cite

To fight against the evolution of malware and its development, the specific methodologies that are applied by the malware analysts are crucial. Yet, this is something often overlooked in the relevant bibliography or in the formal and informal training of the relevant professionals. There are only two generic and allencompassing structured methodologies for Malware Analysis (MA) – SAMA and MARE. The question is whether they are adequate and there is no need for another one or whether there is no such need at all. This paper will try to answer the above and it will contribute in the following ways: it will present, compare and dissect those two malware analysis methodologies, it will present their capacity for analysing modern malware by applying them on a random modern specimen and finally, it will conclude on whether there is a procedural optimization for malware analysis over the evolution of these two methodologies.

show abstract

Malware analysis reverse engineering (MARE) methodology & malware defense (M.D.) timeline

Cited by 9 publications

References 1 publication

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Avaddon ransomware: An in-depth analysis and decryption of infected systems

Comparative Review of Malware Analysis Methodologies

Contact Info

Product

Resources

About