Patents Assigned to SANDS LAB INC.
  • Publication number: 20240054215
    Abstract: Provided is a cyber threat information processing method including receiving input of a non-executable file, analyzing at least one feature related to a cyber threat of the input non-executable file, and generating analysis information, detecting whether the non-executable file includes a malicious action based on feature information obtained by selectively combining at least one piece of the generated analysis information, generating classification information on an attack technique and classification information on an attack group according to a malicious action when the malicious action is detected in the non-executable file, and providing cyber threat information to a user based on generated information of the non-executable file.
    Type: Application
    Filed: April 10, 2023
    Publication date: February 15, 2024
    Applicant: SANDS LAB INC.
    Inventors: Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE
  • Publication number: 20240054210
    Abstract: A cyber threat information processing method including generating stack trace information of a reader program of an operating system executing a non-executable file at a hooking point of a system call of the operating system when the reader program performs the system call, obtaining a calling function for calling the system call and a variable corresponding to the calling function from the generated stack trace information, and providing description information about the obtained calling function and the variable corresponding to the calling function.
    Type: Application
    Filed: April 7, 2023
    Publication date: February 15, 2024
    Applicant: SANDS LAB INC.
    Inventors: Ki Hong KIM, Sung Eun PARK, Min Jun CHOI, Hyun Jong LEE
  • Publication number: 20230306113
    Abstract: A cyber threat information processing method, a cyber threat information processing apparatus, and a storage medium storing a cyber threat information processing program may analyze and process an executable file, perform clustering to generate one or more clusters, and determine similarity with a cluster of another user based on characteristic information of the executable file.
    Type: Application
    Filed: February 6, 2023
    Publication date: September 28, 2023
    Applicant: SANDS LAB INC.
    Inventor: Ki Hong Kim
  • Publication number: 20230252136
    Abstract: An embodiment of the present invention provides a cyber threat information processing method that includes: a step to obtain disassembled code by disassembling a file; a step to convert the disassembled code into a code block in a certain format; a step to determine similarity to malware classified by performing machine learning for the converted code block; a step to output an analysis result of the file based on a result of determining the similarity; and a step to determine whether the detect function for the file operates.
    Type: Application
    Filed: April 15, 2022
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Kihong Kim
  • Publication number: 20230252146
    Abstract: A cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing software that processes cyber threat information. A cyber threat information processing method including converting an executable file in an input file into a code block of a certain format, determining similarity between the converted code block and previously classified malware and classifying malware in the executable file, extracting natural language included in an electronic document associated with the classified malware, and registering the extracted natural language in association with the classified malware, and providing information about malware related to requested search for the malware and natural language related to the malware as search result information when a user requests the search for the malware.
    Type: Application
    Filed: February 8, 2023
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Ki Hong KIM
  • Publication number: 20230254340
    Abstract: A cyber threat information processing method, a device for processing cyber threat information, and a storage medium that stores a program for processing cyber threat information according to embodiments may generate one or more clusters of malware by analyzing and processing an executable file and performing clustering, and may provide information about the malware cluster related to a specific network based on a data set of network behavior information for each malware cluster, which is generated by performing dynamic analysis for the malware cluster.
    Type: Application
    Filed: April 15, 2022
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Kihong Kim
  • Publication number: 20230252144
    Abstract: A cyber threat information processing method, a cyber threat information processing processor, and a storage medium storing a program for processing cyber threat information may process an executable file to ensure characteristic information of the executable file, transmit the ensured characteristic information of the executable file over an independent network, and receive malware profiling information generated based on the characteristic information of the executable file over the independent network.
    Type: Application
    Filed: February 6, 2023
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Ki Hong Kim
  • Publication number: 20230252143
    Abstract: The disclosed embodiments relate to a cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing a cyber threat information processing program. A disclosed embodiment provides a cyber threat information processing method including: a step to classify at least one executable file into a set of code blocks corresponding to at least one malware by performing conversion of such executable file and provide the classified set of block codes; a step to select one or more code blocks included in the classified set of code blocks and generate a new set of code blocks by combining such selected code blocks; and a step to predict new malware based on the set of code blocks generated as above and provide information about the new malware predicted.
    Type: Application
    Filed: April 15, 2022
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Kihong Kim
  • Publication number: 20230252145
    Abstract: A cyber threat information processing method, a cyber threat information processing apparatus, and a storage medium storing a program for processing cyber threat information may analyze and process an executable file and perform clustering to generate one or more malware clusters.
    Type: Application
    Filed: February 8, 2023
    Publication date: August 10, 2023
    Applicant: SANDS LAB INC.
    Inventor: Ki Hong KIM
  • Publication number: 20230048076
    Abstract: Provided are a cyber threat information processing apparatus, a method thereof, and a storage medium storing a cyber threat information processing program. It is possible to provide a cybersecurity threat information processing method including disassembling an input executable file to obtain disassembled code, and reconstructing the disassembled code to obtain reconstructed disassembled code, into a hash function, and converting the hash function into N-gram data (N being a natural number), and performing ensemble machine learning on block-unit code of the converted N-gram data to profile the block-unit code by an identifier of an attack technique performed by the block-unit code and an identifier of an attacker generating the block-unit code. It is possible to detect and address a variant of malware, and identify malware, an attack technique, an attacker, and an attack prediction method within a significantly short time even for a variant of malware.
    Type: Application
    Filed: August 9, 2022
    Publication date: February 16, 2023
    Applicant: SANDS LAB INC.
    Inventors: Ki Hong Kim, Seong Yul Euh, Sung Eun Park, Hyun Jong Lee