Abstract: A cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing software that processes cyber threat information. A cyber threat information processing method including converting an executable file in an input file into a code block of a certain format, determining similarity between the converted code block and previously classified malware and classifying malware in the executable file, extracting natural language included in an electronic document associated with the classified malware, and registering the extracted natural language in association with the classified malware, and providing information about malware related to requested search for the malware and natural language related to the malware as search result information when a user requests the search for the malware.
Abstract: The present disclosure relates to an anomaly data detecting system. The anomaly data detecting system includes: one or more trigger modules receiving input data, and when anomaly data is included in the received input data based on a trigger rule, generating one or more initial signals indicating the anomaly data; a signal hub receiving one or more generated initial signals from the one or more trigger modules, and performing a logic operation for the one or more received initial signals based on a feed rule to generate a result signal; and one or more detector modules receiving the generated result signal from the signal hub, and detecting attack detection information corresponding to the anomaly data from the received result signal based on a detector rule.
Type:
Application
Filed:
August 5, 2021
Publication date:
March 13, 2025
Applicant:
SANDS LAB INC.
Inventors:
Kihong KIM, Seongyul EUH, Sungeun PARK, Hyunjong LEE
Abstract: The disclosed embodiments relate to a cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing a cyber threat information processing program. A disclosed embodiment provides a cyber threat information processing method including: a step to classify at least one executable file into a set of code blocks corresponding to at least one malware by performing conversion of such executable file and provide the classified set of block codes; a step to select one or more code blocks included in the classified set of code blocks and generate a new set of code blocks by combining such selected code blocks; and a step to predict new malware based on the set of code blocks generated as above and provide information about the new malware predicted.
Abstract: Disclosed is a method of processing cyber threat information including disassembling an input file to acquire analysis target functions in assembly code, calculating a function hash value for each of quantized function vectors of the analysis target functions, determining at least one candidate function from pre-stored comparison target functions based on the calculated function hash value, and classifying cyber threat information for the analysis target functions based on similarity for the at least one candidate function.
Type:
Application
Filed:
August 22, 2024
Publication date:
February 27, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE, Se Jun JANG, Chang Gyun KIM
Abstract: A cyber threat information processing method including receiving a CTI analysis request for a document script from a client; analyzing the document script to obtain analysis information of the CTI for the script; generating a CTI query related to the document script based on the analysis information of the CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query from the analysis information of the CTI and the natural language model to the client.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Se Jun JANG, Hyun Jong LEE, Chang Gyun KIM
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for assembly code from a client; analyzing the assembly code to obtain analysis information of the CTI for the assembly code; generating a CTI query related to a file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the assembly code and the natural language model as visualization information based on a web service.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for a document script included in a file from a client; analyzing the document script to obtain analysis information of the CTI for the document script; generating a CTI query related to the document script based on the analysis information of the CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query from the analysis information of the CTI and the natural language model to the client as visualization information.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for a file from a client; analyzing the file to obtain analysis information of the CTI for the file; generating a CTI query related to the file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the analyzed file and the natural language model.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Se Jun JANG, Hyun Jong LEE, Chang Gyun KIM
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for assembly code from a client; analyzing the assembly code to obtain analysis information of the CTI for the assembly code; generating a CTI query related to a file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the assembly code and the natural language model.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Se Jun JANG, Hyun Jong LEE, Chang Gyun KIM
Abstract: Provided is a cyber threat information processing method including receiving a CTI analysis request for a file from a client; analyzing the file to obtain analysis information of the CTI for the file; generating a CTI query related to the file based on the analyzed CTI and delivering the CTI query to a natural language model; and providing natural language description information according to the CTI query obtained from the CTI for the analyzed file and the natural language model to the client as visualization information based on a Web service.
Type:
Application
Filed:
August 18, 2023
Publication date:
January 23, 2025
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: The disclosed embodiments relate to a cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing a cyber threat information processing program. A disclosed embodiment provides a cyber threat information processing method including: a step to classify at least one executable file into a set of code blocks corresponding to at least one malware by performing conversion of such executable file and provide the classified set of block codes; a step to select one or more code blocks included in the classified set of code blocks and generate a new set of code blocks by combining such selected code blocks; and a step to predict new malware based on the set of code blocks generated as above and provide information about the new malware predicted.
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface, wherein the provided cyber threat information includes a list of advanced persistent threat (APT) attack information.
Type:
Application
Filed:
April 24, 2023
Publication date:
October 17, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface.
Type:
Application
Filed:
April 24, 2023
Publication date:
October 17, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: A cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface. The cyber threat information includes a dataset package.
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; providing the processed cyber threat information to the user through a user interface; and performing natural language processing on the processed cyber threat information.
Abstract: Provided is a cyber threat information processing method including receiving input of a file or information on the file from a user through at least one interface; processing cyber threat information related to the received or input file or the information on the file; and providing the processed cyber threat information to the user through a user interface, wherein the provided cyber threat information includes information on an attack group.
Type:
Application
Filed:
April 24, 2023
Publication date:
October 17, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Shin Kyo IN, Jin Ki CHEON, Ji Woo SEO
Abstract: The present disclosure provides an IoT device which comprises a user application module; an OS API module; a kernel API module; a file system driver module; a file filter driver module; and a network filter driver module. The user application module generates a read/write event when an external file is received. The OS API module calls the kernel API module when the event is generated. The kernel API module transmits the read/write event to the file system driver module. The file system driver module generates the read/write operation command and transmits the command to the file filter driver module. The file filter driver module transmits the read/write operation command to the network filter driver module. The network filter driver module generates an exclusive packet including the read/write operation command and transmits the packet to a packet processing application module of a remote server.
Abstract: Provided is a cyber threat information processing method including acquiring webpage data based on link information, and analyzing tag structure information of the webpage data, converting data included in a tag area of the webpage data into tag feature data according to the tag structure information, and training an AI model using the converted tag feature data to acquire cyber threat information of the data included in the tag area.
Type:
Application
Filed:
April 10, 2023
Publication date:
June 27, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE
Abstract: Provided is a cyber threat information processing method including collecting a webpage and classifying data included in the webpage or data linked according to link depth, detecting whether the data included in the webpage or the linked data is malicious on a plurality of layers, the plurality of layers including at least two of antivirus-based malicious pattern detection, signature malicious pattern detection according to a certain rule, or malignancy detection according to an artificial intelligence (AI) algorithm for the data, and providing or storing record data of the webpage when the data is detected to be malicious as a result of the detection.
Type:
Application
Filed:
April 10, 2023
Publication date:
June 27, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE
Abstract: Provided is a cyber threat information processing method including obtaining disassembled code by disassembling an executable file, generating an instruction sequence based on a control flow according to a relationship between instructions in the disassembled code, converting the generated instruction sequence into a feature data set related to a cyber threat, and acquiring cyber threat information by learning the feature data set using an artificial intelligence (AI) model.
Type:
Application
Filed:
April 10, 2023
Publication date:
June 27, 2024
Applicant:
SANDS LAB INC.
Inventors:
Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE