No announcement yet.

Hachi: An Intelligent threat mapper

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hachi: An Intelligent threat mapper

    Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
    Audience: Defense, Malware, Threat Intelligence Parmanand Mishra

    ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware on ATT&CK matrix.

    Following modules of Hachi make this tool a great addition to an analyst’s or company’s armaments:

    • Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
    • Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths and maps it on ATT&CK matrix.
    • RESTful API: Hachi provides RESTful API which enables this tool to seamlessly integration with malware processing frameworks.
    • Visualization: It allows for the creation of detailed visual reports.
    • Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.

    The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.

    Parmanand Mishra
    Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n and goes by Kart1keya on GitHub.