Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for a file from a client; analyzing the file to obtain analysis information of the CTI for the file; generating a CTI query related to the file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the analyzed file and the natural language model.
Type: Grant
Filed: August 18, 2023
Date of Patent: May 26, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Se Jun Jang, Hyun Jong Lee, Chang Gyun Kim
Abstract: A cyber threat information processing method, a cyber threat information processing processor, and a storage medium storing a program for processing cyber threat information may process an executable file to ensure characteristic information of the executable file, transmit the ensured characteristic information of the executable file over an independent network, and receive malware profiling information generated based on the characteristic information of the executable file over the independent network.
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface, processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface.
Type: Grant
Filed: April 24, 2023
Date of Patent: May 12, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Shin Kyo In, Jin Ki Cheon, Ji Woo Seo
Abstract: Provided is a cyber threat information processing method including acquiring webpage data based on link information, and analyzing tag structure information of the webpage data, converting data included in a tag area of the webpage data into tag feature data according to the tag structure information, and training an AI model using the converted tag feature data to acquire cyber threat information of the data included in the tag area.
Type: Grant
Filed: April 10, 2023
Date of Patent: May 12, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Hyun Jong Lee
Abstract: A cyber threat information processing method, a cyber threat information processing apparatus, and a storage medium storing a cyber threat information processing program may analyze and process an executable file, perform clustering to generate one or more clusters, and determine similarity with a cluster of another user based on characteristic information of the executable file.
Abstract: A cyber threat information processing method including receiving a CTI analysis request for a document script from a client; analyzing the document script to obtain analysis information of the CTI for the script; generating a CTI query related to the document script based on the analysis information of the CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query from the analysis information of the CTI and the natural language model to the client.
Type: Grant
Filed: August 18, 2023
Date of Patent: March 31, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Se Jun Jang, Hyun Jong Lee, Chang Gyun Kim
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface, wherein the provided cyber threat information includes information on an attack group.
Type: Grant
Filed: April 24, 2023
Date of Patent: March 17, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Shin Kyo In, Jin Ki Cheon, Ji Woo Seo
Abstract: A cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface. The cyber threat information includes a dataset package.
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for assembly code from a client; analyzing the assembly code to obtain analysis information of the CTI for the assembly code; generating a CTI query related to a file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the assembly code and the natural language model.
Type: Application
Filed: September 26, 2025
Publication date: January 29, 2026
Applicant: SANDS LAB INC.
Inventors: Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Se Jun JANG, Hyun Jong LEE, Chang Gyun KIM
Abstract: A cyber threat information processing method including generating stack trace information of a reader program of an operating system executing a non-executable file at a hooking point of a system call of the operating system when the reader program performs the system call, obtaining a calling function for calling the system call and a variable corresponding to the calling function from the generated stack trace information, and providing description information about the obtained calling function and the variable corresponding to the calling function.
Type: Grant
Filed: April 7, 2023
Date of Patent: January 13, 2026
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Hyun Jong Lee
Abstract: Provided is a cyber threat information processing method including obtaining disassembled code by disassembling an executable file, generating an instruction sequence based on a control flow according to a relationship between instructions in the disassembled code, converting the generated instruction sequence into a feature data set related to a cyber threat, and acquiring cyber threat information by learning the feature data set using an artificial intelligence (AI) model.
Type: Grant
Filed: April 10, 2023
Date of Patent: December 2, 2025
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Hyun Jong Lee
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for assembly code from a client; analyzing the assembly code to obtain analysis information of the CTI for the assembly code; generating a CTI query related to a file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the assembly code and the natural language model.
Type: Grant
Filed: August 18, 2023
Date of Patent: October 21, 2025
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Se Jun Jang, Hyun Jong Lee, Chang Gyun Kim
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; providing the processed cyber threat information to the user through a user interface; and performing natural language processing on the processed cyber threat information.
Abstract: A cyber threat information processing method, a cyber threat information processing apparatus, and a storage medium storing a program for processing cyber threat information may analyze and process an executable file and perform clustering to generate one or more malware clusters.
Abstract: Provided is a cyber threat information processing method including collecting a webpage and classifying data included in the webpage or data linked according to link depth, detecting whether the data included in the webpage or the linked data is malicious on a plurality of layers, the plurality of layers including at least two of antivirus-based malicious pattern detection, signature malicious pattern detection according to a certain rule, or malignancy detection according to an artificial intelligence (AI) algorithm for the data, and providing or storing record data of the webpage when the data is detected to be malicious as a result of the detection.
Type: Grant
Filed: April 10, 2023
Date of Patent: July 22, 2025
Assignee: SANDS LAB INC.
Inventors: Ki Hong Kim, Sung Eun Park, Min Jun Choi, Hyun Jong Lee
Abstract: A cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing software that processes cyber threat information. A cyber threat information processing method including converting an executable file in an input file into a code block of a certain format, determining similarity between the converted code block and previously classified malware and classifying malware in the executable file, extracting natural language included in an electronic document associated with the classified malware, and registering the extracted natural language in association with the classified malware, and providing information about malware related to requested search for the malware and natural language related to the malware as search result information when a user requests the search for the malware.
Abstract: The present disclosure relates to an anomaly data detecting system. The anomaly data detecting system includes: one or more trigger modules receiving input data, and when anomaly data is included in the received input data based on a trigger rule, generating one or more initial signals indicating the anomaly data; a signal hub receiving one or more generated initial signals from the one or more trigger modules, and performing a logic operation for the one or more received initial signals based on a feed rule to generate a result signal; and one or more detector modules receiving the generated result signal from the signal hub, and detecting attack detection information corresponding to the anomaly data from the received result signal based on a detector rule.
Type: Application
Filed: August 5, 2021
Publication date: March 13, 2025
Applicant: SANDS LAB INC.
Inventors: Kihong KIM, Seongyul EUH, Sungeun PARK, Hyunjong LEE
Abstract: Disclosed is a method of processing cyber threat information including disassembling an input file to acquire analysis target functions in assembly code, calculating a function hash value for each of quantized function vectors of the analysis target functions, determining at least one candidate function from pre-stored comparison target functions based on the calculated function hash value, and classifying cyber threat information for the analysis target functions based on similarity for the at least one candidate function.
Type: Application
Filed: August 22, 2024
Publication date: February 27, 2025
Applicant: SANDS LAB INC.
Inventors: Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE, Se Jun JANG, Chang Gyun KIM
Abstract: The disclosed embodiments relate to a cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing a cyber threat information processing program. A disclosed embodiment provides a cyber threat information processing method including: a step to classify at least one executable file into a set of code blocks corresponding to at least one malware by performing conversion of such executable file and provide the classified set of code blocks; a step to select one or more code blocks included in the classified set of code blocks and generate a new set of code blocks by combining such selected code blocks; and a step to predict new malware based on the set of code blocks generated as above and provide information about the new malware predicted.
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for a file from a client; analyzing the file to obtain analysis information of the CTI for the file; generating a CTI query related to the file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the analyzed file and the natural language model.
Type: Application
Filed: August 18, 2023
Publication date: January 23, 2025
Applicant: SANDS LAB INC.
Inventors: Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Se Jun JANG, Hyun Jong LEE, Chang Gyun KIM