Author Topic: New Kill Chain Report Section *Re-RE....Edit  (Read 571 times)

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 345
  • I like CIS , Kali Linux and IDA Pro ! ;)
New Kill Chain Report Section *Re-RE....Edit
« on: April 28, 2017, 11:14:07 PM »
Hey Guys ,

Nice to see that something has changed in Valkyrie. The new "Kill Chain Report Section" looks very nice! Still not quite "finished" yet, I believe, but I like it ... !!!  :-TU Very useful additional information for the experienced user or for those who want it to be. "Severity Rating" could be integrated in Valkyrie Verdicts for Sandboxed Applications (?!) For example, an alarm popup with a final verdict from Valkyrie and an extra "Severity Rating" indicator. It could be shown as additional information in all applications that use Comodo's Containment Technology. For files that could not be analyzed completely or correctly, this might be useful too. Maybe it's necessary to write a kind of "Valkyrie self checking algorithm".  >:-D If Valkyrie does not find enough indicators to issue a safe or complete analysis, then a rating with regard to the number of found indicators makes sense (as the Severity Rating Indicator already shows for successfully analyzed files)! And for this case another hint to wait for the human expert analysis would also be good. But I'm also not sure if there should be anything else between clean or malicious 8)

Keep it up ... !!!  ;)

P.S. And thank you very much for integrating reporting information mails and executed application screenshots !!!  :-TU  :)

P.S. Yeah ... I noticed that even more details were added to the reports. 64 pages! Respect! :D :-TU
« Last Edit: April 29, 2017, 02:28:58 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2616
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #1 on: April 29, 2017, 10:25:31 AM »
Can you link to a report that has this new feature? Because I'm not seeing this when I uploaded a sample for analysis.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 345
  • I like CIS , Kali Linux and IDA Pro ! ;)
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #2 on: April 29, 2017, 02:10:17 PM »
Can you link to a report that has this new feature? Because I'm not seeing this when I uploaded a sample for analysis.


Of course, sent to me by a mysterious fairy  :-TU  ;)

"Preview" Kill Chain Report :

https://valkyrie.comodo.com:443/kill/chain/55bfa6aa04a16a892acdb2cc410192ab21e886a3/pdf/report/export
« Last Edit: April 29, 2017, 02:20:52 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***


Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 345
  • I like CIS , Kali Linux and IDA Pro ! ;)
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #4 on: April 29, 2017, 06:15:28 PM »
A few more links...

Change the pdf/report/export to summary... then you get the interactive version ;)

https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/summary

OK ..., thank you for your information!  :-TU  ;)

The interactive version looks better!  :azn: Very detailed, structured and with a user-friendly interface.

I am looking forward to seeing Valkyrie "back" in action!   :P0l
« Last Edit: April 29, 2017, 07:01:29 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***


Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14588
    • Video Blog
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #6 on: April 30, 2017, 10:22:17 AM »
And I see the kill chain report is available under the Valkyrie final verdict when looking at the sample summary. Pretty cool feature and I'm sure it will take time for it to be available to more submissions.

https://valkyrie.comodo.com/get_info?sha1=51e5b1e7bf928da55c2654ceefaff3df07a513ef

We are now deploying the infrastructure so that every malware will have a Kill Chain report.

Also we are thinking about releasing all that data in an XML format so that anyone can write any report or put a new UI to it. What do you think?
« Last Edit: April 30, 2017, 10:24:13 AM by Melih »

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 345
  • I like CIS , Kali Linux and IDA Pro ! ;)
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #7 on: April 30, 2017, 03:49:53 PM »
We are now deploying the infrastructure so that every malware will have a Kill Chain report.

Also we are thinking about releasing all that data in an XML format so that anyone can write any report or put a new UI to it. What do you think?

Great idea !!! I'm on board! Can't wait to do some tests with Valkyrie! ;)
« Last Edit: April 30, 2017, 04:03:41 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #8 on: April 30, 2017, 04:03:51 PM »
I want to clarify this Kill-Chain report creation: currently, when you log in to your account at http://valkyrie.comodo.com, you may choose a malware sample from your list, and you'll see a button labeled "Send to Kill Chain Analysis" (http://prnt.sc/f2naz7). This button appears only for malware files.

When you click it, the report is generated automatically in the backend, which usually takes not more than 3-4 minutes. Then you may access the report through the sample's main UI, where you'll see a "Kill Chain Report" button (http://prntscr.com/f2ncrc).

The user needs to manually trigger the report generation for now. With the next hotfix, we'll start the generation of the report in the backend as soon as the file is marked as malware.


Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #9 on: May 08, 2017, 10:05:01 PM »
Hi guys, I previously informed you about a hotfix that will automatically create the kill-chain report for malware files. On Saturday, the Valkyrie team did a hotfix deployment and now we have this feature. All new detections as malware have kill-chain reports created as well.

The creation may take around 5 minutes, as we're performing extensive dynamic analysis to get all details. So please be patient after you submit a malware sample and wait for the kill-chain report.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 345
  • I like CIS , Kali Linux and IDA Pro ! ;)
Re: New Kill Chain Report Section *Re-RE....Edit
« Reply #10 on: May 09, 2017, 10:46:25 AM »
Great News !!!  :-TU

I will do a few tests and see how it works !!!  ;)

Best Regards !!!

Pio
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

 
