Published October 24, 2018 | Version v1
Report Open

Malware Analysis Management

  • 1. CERN openlab summer student

Description

CERN is constantly targeted with malware, with email being the primary attack vector. The CERN Computer Security Team, in collaboration with the CERN Email Service Managers, has deployed many in-depth measures to minimize the number of malicious emails reaching the mailboxes of CERN users. The cornerstone of this strategy is the use of FireEye EX1 email security appliances. These appliances perform behavioural analysis of all email attachments by detonating them inside a sandboxed environment and simulating user activity.

Malicious attachments are quarantined based on the traces of malicious activity detected once they are opened. Still, this is a very quick analysis that does not offer a complete picture of the entire malware activity.

The goal of this project was to design, implement and deploy a framework for the automated analysis of quarantined files.

Files

Report_Shivam Kapoor.pdf

Files (2.0 MB)

md5:4e580ef0f71d113e1545ec1320d6cc42 (2.0 MB)