Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Abstract: The present disclosure generally relates to a multi-phase malware identification and/or profiling process that can be implemented by one or more computer systems and/or computer-implemented methods. For example, one or more embodiments described herein can regard a method that includes detecting one or more cybersecurity threat indicators of malware targeting a computer device. The one or more cybersecurity threat indicators can characterize a delivery of the malware, an infrastructure of the malware, or a combination thereof. The method can also include generating an adversary profile that includes a correlation between the one or more cybersecurity threat indicators and an operation of the malware.

Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Abstract: Embodiments herein relate to identifying, by an electronic device based on a signature that identifies a file, a first parameter of the file. The electronic device can further identify, based on a behavior of the file that is to occur if the file is executed, a second parameter of the file. The electronic device can further identify a first value based on the first parameter and a second value based on the second parameter. The electronic device can further identify, based on the first value and the second value, a probability that the file is malware. The electronic device can further output an indication of the probability. Other embodiments may be described or claimed.