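Automatic Creation of Forensic Indicators with Cuckoo Sandbox and Its Application
Kang, Boong Gu (Department of Information Security, Graduate School of Information Security, Korea University)
Yoon, Jong Seong (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Min Wook (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Sang Jin (Graduate School of Information Security, Korea University)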
1 | SANS, "Using IOC (Indicators of Compromise) in Malware Forensic."
2 | The Honeynet Project, "Result of the Forensic Challenge" [Internet], http://old.honeynet.org/challenge/results/index.html.
3 | Wikipedia, "Indicators of compromise" [Internet], https://en.wikipedia.org/wiki/Indicator_of_compromise.
4 | Mandiant [Internet], http://www.openioc.org.
5 | MITRE [Internet], https://cyboxproject.github.io.
6 | Lee Min Wook, Yoon Jong Seong, and Lee Sang Jin, "Digital Forensic Indicators of Compromise Format (DFIOC) and Its Application," KIPS Tr. Comp. and Comm. Sys., Vol.5, No.4, pp.95-102, 2016.
7 | Cuckoo Sandbox [Internet], https://www.cuckoosandbox.org.
8 | Olivier Ferrand, "How to detect the Cuckoo Sandbox and hardening it?" 22nd EICAR Annual Conference, 2013.
9 | SANS, "Attributes of Malicious Files."