
    Analyzing Image Malware with OSINTs after Steganography using Symmetric Key Algorithm

    Steganography is the practice of hiding a message or information within another file, such as an image (Singh & Singla, 2022). OSINT (Open Source Intelligence) involves using publicly available information for intelligence gathering purposes. In this research, the asymmetric key algorithm will be applied to the steganography method, using 10 images with different sizes and dimensions. The images tested for steganography are in tiff, gif, png, jpg, and bmp format. A combination of steganography and OSINT could involve analyzing and decoding images found on publicly available platforms, such as social media, to uncover hidden messages. On the other hand, steganography within OSINT can also be used to protect sensitive information from prying eyes. Overall, the combination of Symmetric Key Algorithm steganography and OSINT can be a powerful tool for both intelligence gathering and secure communication. In this work, malware is developed, and that malware is used to exploit the victim’s machine. Later, an analysis is done via freely available OSINTs to find out which OSINT gives the best results. OSINTs have been very helpful in identifying whether URLs and files are malicious or not. This work analyzes how binding an image with the malware makes it difficult for OSINTs to identify whether the result is malicious or not. The analysis shows that the best OSINT is VirusTotal, which has a greater number of engines that could detect the malware, whereas the others don’t have a variety of engines to detect the malware. Also, the malware before binding it with an image is easier to detect, whereas for an OSINT it was difficult to identify and detect the malware after binding with an imag

    Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise

    Cyber threat intelligence feeds focus on atomic and computed indicators of compromise. These indicators are the main source of tactical cyber intelligence most organizations benefit from. They are expressed in machine-readable formats, and they are easily loaded into security devices in order to protect infrastructures. However, their usefulness is very limited, especially in terms of lifetime. These indicators can be useful when dealing with non-advanced actors, but they are easily avoided by advanced ones. To detect advanced actors' activities, an analyst must deal with behavioral indicators of compromise, which represent tactics, techniques and procedures that are not as common as the atomic and computed ones. In this paper, we analyze why these indicators are not widely used, and we identify key requirements for successful behavioral IOC detection, specification and sharing. We follow the intelligence cycle as the arranged sequence of steps for a defensive team to work, thereby providing a common reference for these teams to identify gaps in their capabilities.
    Villalón-Huerta, A.; Ripoll-Ripoll, I.; Marco-Gisbert, H. (2022). Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise. Electronics. 11(3):1-20. https://doi.org/10.3390/electronics1103041612011

    Development of a Blockchain Storage Structure for Indicators of Compromise in a Distributed Threat Exchange System

    The task of this work is to develop the architecture of a distributed IoC exchange system and to produce comparative characteristics of technologies for implementing the architectural elements. The aim of this thesis is to create a system for the effective storage and exchange of indicators of compromise. The object of research is the architecture of a distributed system for exchanging indicators of compromise with blockchain storage for IoC. The subject of research is the possibility of effectively storing and exchanging sensitive data such as IoC.

    The task of the work is to develop the architecture of a distributed IoC exchange system and to create comparative characteristics of the technologies for the implementation of architectural elements, such as databases or blockchains. The purpose of this graduate work is to create a system for the effective storage and exchange of indicators of compromise. The object of research is the architecture of a distributed system for the exchange of indicators of compromise with blockchain storage for IoC. The subject of the study is the ability to efficiently store and exchange sensitive data such as IoC.

    Acquisition and Modelling of Threat Intelligence to Develop a Reputation System

    The Internet is the crucial technology of the Information Age, since it improves the performance of organizations and streamlines business processes. The pandemic that marked the second decade of the 21st century, COVID-19, reinforced this situation, since it made teleworking a reality in most organizations, resulting in exponential growth of the devices connected to organizations' networks. Consequently, the devices vulnerable to attack, as well as the network access points, have increased; as such, the security of information and of digital infrastructures, and the way data are stored, have generated growing concern within organizations. In parallel, threat intelligence applied to cybersecurity is preponderant, since it allows sharing data about indicators of compromise with the aim of mitigating threats, as well as minimizing the impact of zero-day threats on information systems. The present work aims to develop a precise and robust model for calculating the reputation of threats, based on threat intelligence. To this end, a connector compatible with the OpenCTI platform, which is used to collect and share information about threats, was developed. This connector collects data from external platforms and, through an algorithm, evaluates the threat level (ThreatScore) of the indicator of compromise, as well as the confidence level (TrustRating) of the assigned score. The framework developed is one of threat prevention, that is, a mechanism complementary to the organization's defenses for decision-making.

    The Internet is the crucial technology of the information age. It improves a company's performance and speeds up business processes. The pandemic situation that marked the second decade of the 21st century, COVID-19, reinforced this situation: many public and private organizations implemented teleworking, resulting in exponential growth of devices connected to organizations' networks. Therefore, devices vulnerable to attacks, as well as network access points, have increased, which generated growing concern within organizations about the security of information, digital infrastructures and the way in which data are stored. At the same time, threat intelligence applied to cybersecurity is beginning to be predominant, as it allows sharing data about indicators of compromise (IoC) with the aim of mitigating threat risks, as well as minimizing the impact of zero-day vulnerabilities used to steal vital and sensitive data from companies. In the present work, we focus on developing a lightweight and accurate model to calculate a reputation score, based on the acquisition of threat intelligence. To this end, a compatible connector was developed for the OpenCTI platform, which is used to collect and share information about threats. The developed connector collects data from external platforms and uses an algorithm to calculate the threat level (ThreatScore) of the analyzed indicator of compromise, as well as the confidence level (TrustRating) of the assigned score. This framework is designed to complement, not to replace, the cybersecurity program and risk management processes, providing credible information for decision making.