Miter-for-malware MalAPI project seeks community support


John Leyden 02 November 2021 at 15:22 UTC

Updated: November 05, 2021 at 14:48 UTC

Windows malware cataloged by API calls

A recently launched project aims to catalog Windows malware samples based on the APIs on which the malicious code relies.

MalAPI.io, was created by a security researcher with the handle mr.d0x provide a different perspective on malicious code by cataloging malware by how it functions, rather than through a process of reverse engineering.

The researcher goes through the source code of malware written in C / C ++ that uses WinAPI APIs and categorizes them.

The goal is to create a resource that mr.d0x says will be of use to both security researchers and pen testers.

RELATED Cloud Security: Microsoft Launches ATT & CK Inspired Matrix For Kubernetes

“This project may be useful for those who develop (for legal purposes) or reverse engineer malware,” said mr.d0x. The daily sip.

“You can turn on mapping mode which allows you to highlight the APIs being used, and when you’re done, just click ‘export table’ to upload an image of the table. “

“With this approach, users can find out what Windows APIs do from a security perspective. There is no real place that shows what Windows APIs can be used for from this point of view, ”according to mr.d0x.

Digital dewey

The MalAPI.io project launched on October 31 for first positive responses from other security researchers on Twitter.

Just as projects including the Miter ATT & CK framework can be used to map a network-based attack, MalAPI.io can lend itself to mapping attacks based on malicious code.

For now, the project is still in its early stages and far from complete. Its creator is currently seeking to engage other members of the infosec community to get involved in the project.

“I’m looking to get the community involved in this because there are tons of APIs out there, some that I might not even know about,” explained mr.d0x. “With people who contribute, we can [MalAPI.io] a centralized place where everyone can learn about Windows APIs.

Learn about the latest infosec research news from around the world

The security researcher expressed hope that the project could lead to the development of better security defenses.

“I consider this to be beneficial for almost everyone in the infosec community whether you are just looking to learn or doing some security related job,” said mr.d0x.

“For example, pen testers or red teamers can use it to find APIs to use during an engagement if they create a binary.

“Security researchers working at AV / EDR [antivirus/ end-point detection and response] companies can use the API list to create better detection rules. I think the possibilities of use are numerous.

YOU MAY ALSO LIKE Filesec.io project lists malicious file extensions used by attackers



Sam D. Gomez