Systems and methods for automated malware artifact retrieval and analysis

  • US 8,291,500 B1
  • Filed: 03/29/2012
  • Issued: 10/16/2012
  • Est. Priority Date: 03/29/2012
  • Status: Expired due to Fees
First Claim

1. A computerized method for automatically processing a plurality of files, comprising:

  • receiving user input comprising a universal resource locator, the universal resource locator identifying a malware artifact file at a command and control node;

  • retrieving the malware artifact file stored at the command and control node;

  • determining whether the malware artifact file is at least partially obfuscated;

  • decoding the malware artifact file to reverse at least one obfuscating transformation if the malware artifact file is at least partially obfuscated;

  • storing the malware artifact file in an electronic data store; and

  • analyzing the malware artifact file retrieved from command and control node at an analyzer device separate from the command and control node and a victim computing device to determine whether it contains a command stored therein, the command being exchanged between an attacker computing device and the victim computing device.
