When analyzing a huge number of malware samples, one would want to receive malware configurations in a well-defined, predictable, industry-standard format that can be easily integrated into a security system.
After researching an abundance of options, this report settled on the output format defined by the US Defense Cyber Crime Center's MWCP project.
View this guide to delve deeper into the following:
- Why malware developers hide valuable configuration data behind layers of obfuscation and evasion;
- Filtering out useless sandbox artifacts, leaving only a list of IOCs that matter;
- Exploring the use of multiple sandbox projects with community support.