General Motors (GM) is a multinational automotive manufacturer headquartered in Detroit, Michigan. GM is ranked #18 on the Fortune 500 for total revenue and is the largest auto manufacturer headquartered in the United States.
GM is committed to maintaining corporate security and the security of its customers. For this reason, effectively sharing information about malware and indicators of compromise within the organization is critical.
Our Malware Reverse Engineering Platform is a web application that provides a unified and easy-to-use interface that allows users to submit suspicious samples for analysis.
These samples may be files the user already has, or they may be scraped from web sources. The user can submit local files by either dragging a file and dropping it into an indicated box, or by selecting a file. They can submit a website to scrape by simply entering the URL and selecting the start button.
The analysis returns a report about the sample’s behavior, such as what files it modifies, what it attempts to do on the network, and other potentially malicious activities. The report is visible within the interface after the analysis, and the user may download the report to their local machine. The report is also automatically sent to their organization’s database for storage and for other members to view.
This platform automates and greatly simplifies a currently manual process that requires the user to interact with multiple programs. This gives GM’s security analysts greater flexibility and efficiency in analyzing malware and sharing results.
The malware analysis is performed by Cuckoo. The samples and analyses are stored in a Malware Information Sharing Platform (MISP) instance. We integrate these tools using the PyMISP library. The web interface is built with Flask, working from a design created in Adobe XD.
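The report-to-MISP step described above can be sketched as follows. This is an added example, not the platform's own code: the function name, the sample report and the choice of which report fields become attributes are assumptions, with the field layout modelled on a Cuckoo 2.x JSON report. It builds the event as a plain dictionary in MISP's JSON event format so it runs offline; in a deployment that structure would be submitted through PyMISP.

```python
# Constructed sample report, trimmed to the fields used below (not real analysis output).
SAMPLE_REPORT = {
    "target": {"file": {"name": "invoice.exe",
                        "md5": "cd" * 16, "sha256": "ab" * 32}},
    "network": {
        "domains": [{"domain": "update.example.test", "ip": "192.0.2.10"}],
        "hosts": ["192.0.2.10", "192.0.2.10", "198.51.100.7"],
    },
    "behavior": {"summary": {"file_written": [r"C:\Users\a\AppData\x.dll"]}},
}


def report_to_misp_event(report, task_id):
    """Map a Cuckoo-style report to an event dict in MISP's JSON event format."""
    attrs, seen = [], set()

    def add(category, type_, value, to_ids=True):
        # Skip missing values and duplicates so repeated hosts do not bloat the event.
        if value and (type_, value) not in seen:
            seen.add((type_, value))
            attrs.append({"category": category, "type": type_,
                          "value": value, "to_ids": to_ids})

    sample = report.get("target", {}).get("file", {})
    add("Payload delivery", "filename", sample.get("name"), to_ids=False)
    for algo in ("md5", "sha256"):
        add("Payload delivery", algo, sample.get(algo))

    network = report.get("network", {})
    for entry in network.get("domains", []):
        add("Network activity", "domain", entry.get("domain"))
        add("Network activity", "ip-dst", entry.get("ip"))
    for host in network.get("hosts", []):
        # Tolerate hosts given as plain strings or as objects with an "ip" key.
        add("Network activity", "ip-dst",
            host if isinstance(host, str) else host.get("ip"))

    summary = report.get("behavior", {}).get("summary", {})
    for path in summary.get("file_written", []):
        # Dropped-file paths are context for analysts, not detection signatures.
        add("Artifacts dropped", "filename", path, to_ids=False)

    return {"Event": {"info": f"Cuckoo analysis of task {task_id}",
                      "distribution": 0,      # 0 = your organisation only
                      "threat_level_id": 4,   # 4 = undefined until an analyst reviews
                      "analysis": 2,          # 2 = completed
                      "Attribute": attrs}}
```

Hashes and network indicators are flagged `to_ids` for detection use, while file names are stored as context only, since names alone produce false positives.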