Application of the SAMA methodology to Ryuk malware

Application of the SAMA methodology to Ryuk malware

연구 분야: Strategies

학회: Journal of Computer Virology and Hacking Techniques

Malware analysis is an essential discipline for understanding the nature, attack vectors, and weaknesses of systems to combat the threats that emerge every day in the IT security world. To this end, a malware analysis methodology can facilitate and improve an otherwise complex, chaotic, and relatively inefficient process, optimising the results obtained and the productivity of the analysis. To prove the effectiveness of a malware analysis methodology, it is necessary to test it on relevant specimens. The aim of this paper is, on one hand, to test and demonstrate the value of the SAMA methodology as a systematic process for analysing malware with a real and significant use case and, on the other hand, to show, explain and put into practice several actual malware analysis techniques and tools using a real and relevant use case. The analysis process carried out with the methodology shows its ability to guide a malware analysis process as well as its flexibility to adapt the techniques according to the findings obtained during the process.