Abstract: Techniques for automatically grouping malware based on artifacts are disclosed. In some embodiments, a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.

Abstract: Techniques for automatically grouping malware based on artifacts are disclosed. In some embodiments, a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.

Abstract: Techniques for automatically grouping malware based on artifacts are disclosed. In some embodiments, a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.

Abstract: Techniques for categorizing mobile uniform resource locators (URLs) that are used by mobile applications are disclosed. A URL is extracted from a mobile application. A category for the URL is determined based on a categorization of the mobile application. The URL and its determined category are then generated as output.

Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.

Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.

Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.

Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.

Abstract: Techniques for automatically grouping malware based on artifacts are disclosed. In some embodiments, a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.

Abstract: Techniques for automatically grouping malware based on artifacts are disclosed. In some embodiments, a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.

Abstract: Techniques for automatically determining whether malware samples are similar are disclosed. In some embodiments, a system, process, and/or computer program product for automatically determining whether malware samples are similar includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; comparing the log files based on the automated malware analysis; determining whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and performing an action based on determining that at least two samples are similar.

Abstract: Techniques for a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to determine artifacts associated with malware; and performing an action based on an artifact.

Abstract: Techniques for categorizing mobile uniform resource locators (URLs) that are used by mobile applications are disclosed. A URL is extracted from a mobile application. A category for the URL is determined based on a categorization of the mobile application. The URL and its determined category are then generated as output.

Abstract: Categorizing mobile uniform resource locators (URLs) used by a mobile application is disclosed. A plurality of URLs is extracted from the mobile application. A category is assigned to at least one URL included in the plurality of URLs. The category is assigned to the URL based on a categorization of the mobile application.

Abstract: A first unclassified uniform resource locator (URL) is received. An originally primary bloom filter is initialized. A second bloom filter is initialized. In response to receiving a “no match” result from querying the primary bloom filter for the received first unclassified URL, insert operations are performed on both the originally primary bloom filter and the secondary bloom filter. At a time subsequent to inserting the first unclassified URL into both the originally primary and secondary bloom filters, a determination is made that a false positive rate associated with the originally primary bloom filter exceeds a threshold. In response to the determination, the secondary bloom filter is designated as a replacement primary.

Abstract: Techniques for automatically determining whether malware samples are similar are disclosed. In some embodiments, a system, process, and/or computer program product for automatically determining whether malware samples are similar includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; comparing the log files based on the automated malware analysis; determining whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and performing an action based on determining that at least two samples are similar.

Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.

Abstract: Techniques for a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to determine artifacts associated with malware; and performing an action based on an artifact.

Abstract: A first unclassified uniform resource locator (URL) is received. An originally primary bloom filter is initialized. A second bloom filter is initialized. In response to receiving a “no match” result from querying the primary bloom filter for the received first unclassified URL, insert operations are performed on both the originally primary bloom filter and the secondary bloom filter. At a time subsequent to inserting the first unclassified URL into both the originally primary and secondary bloom filters, a determination is made that a false positive rate associated with the originally primary bloom filter exceeds a threshold. In response to the determination, the secondary bloom filter is designated as a replacement primary.