Malware continues to be a key entry point for attackers into an organization. It can be simple and undirected, or part of a complex targeted attack spanning multiple locations worldwide.
Understanding the behavior of malware, especially during an incident, allows an organization to detect it, determine its capabilities, and create detection rules that feed into threat hunting and other systems.
PwC's Malware Analysis team has extensive experience in malware analysis and reverse engineering across all platforms (OSX, Windows, Linux, IoT, etc.) and uses the latest tools and techniques to de-obfuscate malicious files and understand their capabilities. This allows an organization to respond to an incident with precise Indicators of Compromise (IOCs) that can be handed to an Incident Response team and/or fed into threat hunting tools.
Often a user downloads a file that the antivirus does not block but that still seems unusual. For the security of the organization, it is better to analyze such a file before allowing it to execute.
Antivirus can also block files that are in fact benign. Even so, when AV blocks a file it is best practice to analyze it rather than assume a false positive, since a legitimate file may have been modified since it was created.
If a file has been found that is likely malicious, it is best to analyze it to determine its capabilities in case it is part of a targeted attack. Analysis can show whether the file is capable of exfiltrating data, and where that data is sent.
If the malware exploits a zero-day or is part of a targeted attack, it may bypass existing protections. Analysis of such a sample yields IOCs that let the organization block the malicious network traffic while threat hunting is under way.
Once IOCs have been extracted from the malicious file, PwC's Malware Analysis team can help create rules for threat hunting and EDR systems to determine the extent of the infection.
A basic analysis is useful for organizations that need a quick check of a file to determine whether it is benign or malicious. It is especially useful during an IR or forensics investigation to decide whether a file is relevant and whether a deeper review is warranted.
A deeper analysis is useful for organizations that, having determined a file is relevant to an investigation, want to understand its behavior beyond what basic analysis shows. It is suited to files that are protected against analysis to some degree (for example by obfuscation).
A full analysis includes reverse engineering of the file. It is important for organizations that have been breached and need to understand the file's full capabilities.
PwC's Malware Analysis team can help create YARA, firewall and EDR detection rules and playbooks, and can assist in importing the IOCs into other systems.
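To make the IOC-to-rule step concrete, the following is an added illustration (not PwC's tooling or any code from this page) of how indicators pulled from a sample during static analysis are turned into a YARA rule for hunting. The sample bytes, rule name and IOC patterns are all constructed for the example; the rule condition pairs the PE `MZ` magic with a minimum number of the extracted strings so that a single shared string (a common registry key, say) does not fire the rule on its own.

```python
"""Extract IOC strings from a (constructed) sample and emit a YARA hunting rule.

Added example, not code from the page or from PwC. The sample below is a
hand-built byte string standing in for a dropper: an MZ header followed by
the kind of strings a static pass surfaces (C2 URL, hard-coded IP,
persistence key, drop path). It is not real malware.
"""
import hashlib
import re

# Constructed sample (assumption: stands in for an analysed file).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"http://update-check.example.net/gate.php\x00"
    + b"203.0.113.45\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"C:\\Users\\Public\\svchost32.exe\x00"
)

# Illustrative IOC patterns; a production extractor would be far stricter.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry": re.compile(r"(?:HK[A-Z_]+\\|SOFTWARE\\)[\w\\]+"),
    "path": re.compile(r"[A-Za-z]:\\[^\s\"']+"),
}


def extract_strings(data, min_len=6):
    """Return printable-ASCII runs of at least min_len bytes, like `strings`."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def valid_ipv4(text):
    """Reject dotted quads with an octet above 255 (e.g. version numbers)."""
    return all(0 <= int(octet) <= 255 for octet in text.split("."))


def extract_iocs(data):
    """Classify the sample's strings by IOC type; returns {type: sorted list}."""
    found = {kind: set() for kind in IOC_PATTERNS}
    for s in extract_strings(data):
        for kind, pattern in IOC_PATTERNS.items():
            for match in pattern.findall(s):
                if kind == "ipv4" and not valid_ipv4(match):
                    continue
                found[kind].add(match)
    return {kind: sorted(values) for kind, values in found.items()}


def yara_escape(text):
    """Escape backslashes and quotes for a YARA text string."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def build_yara_rule(name, data, iocs, min_strings=2):
    """Emit a YARA rule: PE magic at offset 0 plus min_strings of the IOC strings.

    Returns (rule_text, ordered list of the strings used as $s0, $s1, ...).
    """
    sha256 = hashlib.sha256(data).hexdigest()
    strings = [v for kind in ("url", "ipv4", "registry", "path") for v in iocs[kind]]
    lines = [f"rule {name}", "{", "    meta:", f'        sha256 = "{sha256}"', "    strings:"]
    for i, s in enumerate(strings):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii')
    lines += ["    condition:",
              f"        uint16(0) == 0x5a4d and {min_strings} of ($s*)",  # 0x5a4d is "MZ"
              "}"]
    return "\n".join(lines), strings


def rule_matches(strings, data, min_strings=2):
    """Evaluate the same condition in Python so the rule can be sanity-checked
    without a YARA install: MZ magic and at least min_strings string hits."""
    if data[:2] != b"MZ":
        return False
    hits = sum(1 for s in strings if s.encode("ascii") in data)
    return hits >= min_strings


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE)
    rule, used = build_yara_rule("Constructed_Dropper_Sample", SAMPLE, iocs)
    print(rule)
    print("sample matches:", rule_matches(used, SAMPLE))
    print("benign buffer matches:", rule_matches(used, b"MZ" + b"\x00" * 64))
```

The `2 of ($s*)` threshold and the `uint16(0) == 0x5a4d` check are the practitioner's guard against false positives: a hunting rule built from a single URL or a generic `Run` key will page the SOC on unrelated files, while requiring the PE magic plus two independent indicators keeps the rule tied to the sample family it came from. The same extracted IOC list can be exported separately to firewall and EDR blocklists.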
Our experienced bilingual team has broad knowledge across multiple security products and can help regardless of the products and toolsets your organization uses. PwC Japan can also leverage our global teams across APAC, the Americas and EMEA to support your organization on the ground as necessary.