Botconf Author Listing

Manuel Blatt


Last known affiliation: Fraunhofer FKIE
Bio: Manuel Blatt works as a security researcher at Fraunhofer FKIE. In his master’s thesis, he focused on malware families written in and obfuscation schemes enabled through the .NET framework. Manuel is also a primary contributor to MCRIT.
Date: 2023-04-13
MCRIT: The MinHash-based Code Relationship & Investigation Toolkit
Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt

Abstract

Ever since launching Malpedia [1] at Botconf 2017, we have continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and defense against malware. A primary research scope for us was working towards enabling efficient one-to-many code similarity analysis. After almost 4 years of research and development, we now finally want to share our results. With this presentation, we will publicly release MCRIT, the MinHash-based Code Relationship & Investigation Toolkit [2]. After giving a short overview of the underlying techniques and implementation, we will explain in a series of practical examples how to apply MCRIT for the three primary use cases it has been geared towards so far:

  • Malware family and library code differentiation to accelerate triage and analysis
  • Isolation of unique family code to provide means for hunting towards their characteristics
  • Lead generation for discovering potentially unknown links between samples and families

External links: Project website | Github