• Goa 2020
  • AMMO
  • Hachi

Hachi

Parmanand-Mishra

Tool Name:

Hachi

Speaker:

Parmanand Mishra

Download Link:

https://github.com/Kart1keya/Hachi



Abstract:

ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware on ATT&CK matrix.

Following modules of Hachi make this tool a great addition to an analyst's or company's armaments:

  • Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
  • Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths and maps it on ATT&CK matrix.
  • Binary Emulation: In addition to symbolic execution, it also emulates the file and finds out possible behavior and side effects of the malware.
  • RESTful API: Hachi provides RESTful API which enables this tool to seamlessly integrate with malware processing frameworks.
  • Visualization: It allows for the creation of detailed visual reports.
  • Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.
  • Multiplatform: Hachi analyses PE(Portable executable) as well as ELF files. *Side Effects Extraction: This tool also extracts side effects which the file may cause if executed on the system.
  • The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.

Bio:

Senior Malware Researcher

Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n, DEFCON and goes by Kart1keya on GitHub.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved