Chapter 9: Technical Threat Analysis – Similarity Analysis

Every day, new malware families and variants of existing ones emerge across the globe. To reduce the overhead of analyzing each sample in isolation, and to organize and identify clusters of related malicious activity, security researchers apply similarity-analysis techniques that group malware, and the infrastructure it uses, by shared characteristics. In this chapter, we focus on malware relationship analysis, specifically to help identify the malware intrusion sets that are used in threat campaigns and pitted against organizations every day.
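
The grouping described above can be illustrated with a small, added example (not code from the book or its author). It scores hypothetical samples on the Jaccard similarity of their imported API names, joins any pair whose score meets a threshold into a cluster, and then pivots on network indicators the samples share. All sample names, feature sets, IPs and domains are constructed, and the 0.4 threshold is an assumption chosen for the demonstration:

```python
"""Constructed example of malware similarity clustering (not from the book)."""
from itertools import combinations

# Constructed, hypothetical samples: each maps to static features (imported API
# names) and the network infrastructure it contacts. No real hashes or malware.
SAMPLES = {
    "sample_a": {
        "features": {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
                     "OpenProcess", "GetProcAddress"},
        "infra": {"198.51.100.10", "updates.example.test"},
    },
    "sample_b": {
        "features": {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
                     "OpenProcess", "LoadLibraryA"},
        "infra": {"198.51.100.10"},
    },
    "sample_c": {
        "features": {"InternetOpenA", "InternetConnectA", "HttpSendRequestA",
                     "GetProcAddress", "LoadLibraryA"},
        "infra": {"cdn.example.test"},
    },
    "sample_d": {
        "features": {"InternetOpenA", "InternetConnectA", "HttpSendRequestA",
                     "InternetReadFile", "InternetCloseHandle"},
        "infra": {"cdn.example.test", "203.0.113.5"},
    },
}


def jaccard(a, b):
    """Jaccard similarity |A ∩ B| / |A ∪ B|; two empty sets share nothing."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def pairwise_similarity(samples, key):
    """Score every pair of samples on the chosen feature set."""
    return {
        (x, y): jaccard(samples[x][key], samples[y][key])
        for x, y in combinations(sorted(samples), 2)
    }


def cluster_samples(samples, key, threshold):
    """Single-linkage clustering: join two samples whenever their score
    meets the threshold, then report the connected components (union-find)."""
    parent = {name: name for name in samples}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for (x, y), score in pairwise_similarity(samples, key).items():
        if score >= threshold:
            parent[find(x)] = find(y)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in groups.values())


def shared_infrastructure(samples):
    """Pivot on infrastructure: indicators contacted by more than one sample."""
    users = {}
    for name, data in samples.items():
        for indicator in data["infra"]:
            users.setdefault(indicator, []).append(name)
    return {ind: sorted(names) for ind, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for (x, y), score in pairwise_similarity(SAMPLES, "features").items():
        print(f"{x} vs {y}: {score:.2f}")
    print("clusters:", cluster_samples(SAMPLES, "features", 0.4))  # assumed threshold
    print("shared infra:", shared_infrastructure(SAMPLES))
```

On this constructed data the API-import view and the infrastructure view agree: sample_a and sample_b share process-injection imports and a C2 address, while sample_c and sample_d share WinINet imports and a domain. In practice the threshold has to be tuned per feature type, and a single shared indicator (a CDN or a shared hosting IP) is weak evidence on its own, so the two views are best used to corroborate each other.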

Fundamentally, analyzing the similarity between malware and its malicious infrastructure turns seemingly ...
