This is research on malware classification using "Graph Hash".
In malware research, threat hunting, and security intelligence exchange, hashes such as MD5 or SHA256 hold a dominant position. Malware researchers search for malware on VirusTotal by hash and exchange security intelligence as IoCs (indicators of compromise) that include hashes. However, hashes have certain characteristics, such as a one-to-one relationship between a file and its hash, which limit researchers' ability to correlate files. The purpose of this research is to help classify malware in a consistent and efficient way.
This session contains:
1. What is Graph Hash
- This will detail the background and what graph hash is.
2. Methodology of Graph Hash
- This will detail how to calculate the graph hash from the ground up.
3. Testing Results
- This will present the testing results. We will take the campaign Operation Orca (https://www.virusbulletin.com/conference/vb2017/abstracts/operation-orca...) as an example.
4. The Limitations of Graph Hash
- This will discuss the limitations of graph hash in some conditions.
A senior threat researcher at Trend Micro. He has focused on targeted attack investigation, incident response, and threat solution research for over a decade.
A senior threat researcher at Trend Micro. Focuses on targeted attacks, threat intelligence sharing, malware analysis and malicious document analysis. Speaker at HITB GSEC 2019, Virus Bulletin 2017 and IRCON 2016.