# Malware Analysis
Status: Planned
Standards: MAEC, MITRE ATT&CK, Behavior-based Detection
Source: archer/malware/ (not yet created)
The malware analysis domain supports both static and dynamic analysis of suspicious files and processes. It is oriented toward triage speed — producing actionable indicators within minutes of sample ingestion.
## Planned Plays

| Play | Description |
|---|---|
| static_analysis | Hash lookup, string extraction, PE header analysis, YARA scanning |
| dynamic_analysis | Sandbox execution, behavioral observation, API call tracing |
| network_ioc_extraction | Extract C2 URLs, IPs, and domains from samples or PCAP |
| att&ck_mapping | Map observed behaviors to MITRE ATT&CK techniques |
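The static side of the `static_analysis`, `network_ioc_extraction` and `att&ck_mapping` plays can be sketched in a few dozen lines. The block below is an added example written for this page; it is not code from `archer/malware/` (which does not exist yet) and does not use the module's eventual API. It computes lookup hashes, pulls printable strings, sanity-checks the DOS/PE headers, extracts URLs, IPv4 addresses and domains from the strings, and tags an HTTP(S) beacon URL with ATT&CK T1071.001. The sample it runs on is a constructed PE-shaped byte blob with an embedded URL and IP; the `.invalid` TLD and the 192.0.2.0/24 address are reserved for documentation, so nothing here refers to a real host. YARA scanning and the dynamic plays are out of scope for this snippet.

```python
"""Static triage of a suspicious file (illustrative example, not archer's code):
hashes, strings, PE header check, network IOC extraction, one ATT&CK tag."""
import hashlib
import re
import struct

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def build_sample() -> bytes:
    """Constructed test input: minimal DOS header + COFF header + string payload."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature at 0x40
    pe_sig = b"PE\0\0"
    # COFF: Machine=0x8664 (AMD64), NumberOfSections=2, remaining fields zeroed
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0)
    payload = (b"\x00" * 16
               + b"http://example-c2.invalid/beacon\x00"  # constructed C2 URL
               + b"\x00\x05" + b"192.0.2.44\x00"          # documentation-range IP
               + b"short\x00"                             # below min string length
               + b"updates.example.invalid\x00")
    return bytes(dos) + pe_sig + coff + payload


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256, the keys used for threat-intel hash lookups."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long (the classic `strings`)."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


def parse_pe_header(data: bytes):
    """Return basic COFF fields if the blob is PE-shaped, else None.
    Bounds are checked before every read so a truncated file cannot raise."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": hex(machine), "sections": nsections, "timestamp": timestamp}


def _valid_ipv4(s: str) -> bool:
    return all(0 <= int(o) <= 255 for o in s.split("."))


def extract_network_iocs(strings) -> dict:
    """URLs, IPv4 addresses and domains found in the string set."""
    urls, ips, domains = set(), set(), set()
    for s in strings:
        urls.update(URL_RE.findall(s))
        ips.update(ip for ip in IPV4_RE.findall(s) if _valid_ipv4(ip))
        domains.update(d.lower() for d in DOMAIN_RE.findall(s))
    return {"urls": sorted(urls), "ips": sorted(ips), "domains": sorted(domains)}


def attck_tags(iocs: dict) -> list:
    """Illustrative mapping only: an embedded HTTP(S) URL suggests C2 over
    web protocols, ATT&CK T1071.001. A real play would map observed behaviour."""
    tags = []
    if iocs["urls"]:
        tags.append("T1071.001 Application Layer Protocol: Web Protocols")
    return tags


def triage(data: bytes) -> dict:
    """One-shot static triage report for a sample."""
    strings = extract_strings(data)
    iocs = extract_network_iocs(strings)
    return {
        "hashes": file_hashes(data),
        "pe": parse_pe_header(data),
        "strings": strings,
        "iocs": iocs,
        "attck": attck_tags(iocs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Feeding `triage()` a real file is `triage(open(path, "rb").read())`; the report's `hashes` block is what you would send to a hash-lookup service, and `iocs` is the list you would hand to the network team for blocking or hunting. The string-based IOC extraction is deliberately naive (no defanging, no unicode strings, no packed-sample handling), which is exactly why it belongs to fast triage rather than deep analysis.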