Malware attribution

This report presents a final year project to design and develop an application that performs malware attribution. Malware attributions are critical pieces of Indicators of Compromise (IOC) data that facilitate the mapping and establishment of the observed cyber-attack. The tool aims to perform a...

Bibliographic Details
Main Author: Foo, Ce Zhi
Other Authors: Lam Kwok Yan
Format: Final Year Project (FYP)
Language: English
Published: 2018
Subjects: DRNTU::Engineering
Online Access: http://hdl.handle.net/10356/74012
author Foo, Ce Zhi
author2 Lam Kwok Yan
collection NTU
description This report presents a final year project to design and develop an application that performs malware attribution. Malware attributions are critical pieces of Indicators of Compromise (IOC) data that facilitate the mapping and establishment of the observed cyber-attack. The tool aims to perform a malware attribution of an input file and subsequently output the analysis in a report according to a determined threat intel format. The purpose of the report is sharing and collaboration within the community. Before development started, research and study were carried out to determine the tools and techniques that the application should adopt. The developed application involves a number of virtual machines, machine learning techniques and macros to automate the process of keeping the dataset collection updated. A dataset consisting of a total of 310 malware and non-malware samples was analysed on a Windows operating system and used for machine learning. With the pool of analysed training data and the integration of other components, the developed application was able to achieve a prediction accuracy of 98% in determining whether a file is malware. The accuracy of the prediction was significant in enabling the right report output and outcome for the users. With an accurate report, cybersecurity professionals and individuals from the community can develop countermeasures to address the attack.
first_indexed 2024-10-01T07:41:51Z
format Final Year Project (FYP)
id ntu-10356/74012
institution Nanyang Technological University
language English
last_indexed 2024-10-01T07:41:51Z
publishDate 2018
record_format dspace
spelling ntu-10356/74012 2023-03-03T20:54:05Z Malware attribution Foo, Ce Zhi Lam Kwok Yan School of Computer Science and Engineering DRNTU::Engineering Bachelor of Engineering (Computer Science) 2018-04-23T07:06:11Z 2018-04-23T07:06:11Z 2018 Final Year Project (FYP) http://hdl.handle.net/10356/74012 en Nanyang Technological University 127 p. application/pdf
title Malware attribution
topic DRNTU::Engineering
url http://hdl.handle.net/10356/74012