ColdPress: An Extensible Malware Analysis Platform for Threat Intelligence
This work addresses the scalability problem for security analysts facing exponential malware growth, though it appears incremental as it combines existing tools into a modular system.
The paper tackles the manual and inefficient nature of malware analysis by presenting ColdPress, an extensible platform that automates end-to-end threat intelligence gathering, demonstrating its efficiency and usefulness with real-world malware samples like WannaCry.
Malware analysis is still largely a manual task. This slow and inefficient approach does not scale to the exponential rise in the rate of new unique malware generated. Hence, automating the process as much as possible becomes desirable. In this paper, we present ColdPress - an extensible malware analysis platform that automates the end-to-end process of malware threat intelligence gathering integrated output modules to perform report generation of arbitrary file formats. ColdPress combines state-of-the-art tools and concepts into a modular system that aids the analyst to efficiently and effectively extract information from malware samples. It is designed as a user-friendly and extensible platform that can be easily extended with user-defined modules. We evaluated ColdPress with complex real-world malware samples (e.g., WannaCry), demonstrating its efficiency, performance and usefulness to security analysts.