MCRIT: The MinHash-based Code Relationship & Investigation Toolkit

Botconf 2023
2023-04-22 | 12:00 – 12:40

Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt

Ever since launching Malpedia [1] at Botconf 2017, we have continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for malware research and defense. A primary research scope for us has been enabling efficient one-to-many code similarity analysis. After almost four years of research and development, we now want to share our results. With this presentation, we publicly release MCRIT, the MinHash-based Code Relationship & Investigation Toolkit [2]. After a short overview of the underlying techniques and implementation, we will show in a series of practical examples how to apply MCRIT to the three primary use cases it has been geared towards so far:

  • Malware family and library code differentiation to accelerate triage and analysis
  • Isolation of code unique to a family, providing a basis for hunting on its characteristics
  • Lead generation for discovering potentially unknown links between samples and families
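
To make the "MinHash-based" and "one-to-many" parts of the abstract concrete, the following is an added, generic illustration of MinHash sketching used for function-level similarity lookups, followed by a toy version of the first two use cases (separating reference library code from a sample's own code). It is not MCRIT's code and does not reflect how MCRIT extracts features or matches them; the feature tokens, reference labels and sample function names are constructed for the example.

```python
"""MinHash sketching for one-to-many code similarity, as a generic illustration.

This is an added example, not MCRIT's own code: the page does not describe
MCRIT's feature extraction or matching, so the "features" here are constructed
toy tokens standing in for whatever per-function features a disassembler yields.
"""
import hashlib
import random
from typing import Dict, Iterable, List, Optional, Sequence, Set, Tuple

_PRIME = (1 << 61) - 1  # Mersenne prime; modulus for the universal hash family


def _stable_hash(feature: str) -> int:
    """64-bit, process-independent hash of a feature token (Python's hash() is salted)."""
    return int.from_bytes(hashlib.blake2b(feature.encode(), digest_size=8).digest(), "big")


class MinHasher:
    """k hash functions h_i(x) = (a_i * x + b_i) mod p; same seed => comparable signatures."""

    def __init__(self, num_hashes: int = 128, seed: int = 0) -> None:
        rng = random.Random(seed)
        self.params = [(rng.randrange(1, _PRIME), rng.randrange(0, _PRIME))
                       for _ in range(num_hashes)]

    def signature(self, features: Iterable[str]) -> List[int]:
        """MinHash signature: for each h_i, the minimum of h_i over the feature set."""
        hashed = [_stable_hash(f) for f in set(features)]
        if not hashed:
            raise ValueError("cannot sketch an empty feature set")
        return [min((a * x + b) % _PRIME for x in hashed) for a, b in self.params]


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Exact Jaccard index, the quantity MinHash estimates."""
    return len(a & b) / len(a | b)


def estimate_similarity(sig_a: Sequence[int], sig_b: Sequence[int]) -> float:
    """For each h_i, P[min over A == min over B] equals J(A, B), so the fraction
    of agreeing signature positions is an unbiased estimate of the Jaccard index."""
    if len(sig_a) != len(sig_b):
        raise ValueError("signatures must come from the same MinHasher")
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)


class SignatureIndex:
    """One-to-many lookup: one stored signature per known function, many queries."""

    def __init__(self, hasher: MinHasher) -> None:
        self.hasher = hasher
        self.entries: Dict[str, List[int]] = {}

    def add(self, label: str, features: Iterable[str]) -> None:
        self.entries[label] = self.hasher.signature(features)

    def query(self, features: Iterable[str], threshold: float) -> List[Tuple[str, float]]:
        """All stored functions whose estimated similarity reaches the threshold, best first."""
        sig = self.hasher.signature(features)
        hits = [(label, estimate_similarity(sig, other)) for label, other in self.entries.items()]
        return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])


def triage(index: SignatureIndex, sample: Dict[str, Set[str]],
           threshold: float = 0.5) -> Dict[str, Optional[str]]:
    """Map each function of an unknown sample to its best reference match, or None.

    Functions matching reference library code can be deprioritised during analysis;
    functions with no match are candidates for the sample's own, unique code.
    """
    result: Dict[str, Optional[str]] = {}
    for name, feats in sample.items():
        hits = index.query(feats, threshold)
        result[name] = hits[0][0] if hits else None
    return result


# Constructed toy feature sets (think: mnemonics, n-grams, or called API names).
REF_MEMCPY = {"mov", "rep movsb", "cmp", "jb", "ret", "push rbp", "pop rbp"}
REF_STRLEN = {"xor", "scasb", "repne", "not", "dec", "ret"}
SAMPLE = {
    "sub_401000": {"mov", "rep movsb", "cmp", "test", "ret", "push rbp", "pop rbp"},  # near-memcpy
    "sub_402000": {"call CryptEncrypt", "rol", "loop", "call InternetOpenA", "lea"},  # no reference
}


def build_reference_index(num_hashes: int = 128) -> SignatureIndex:
    """Index the constructed reference functions (hypothetical labels)."""
    index = SignatureIndex(MinHasher(num_hashes))
    index.add("libc:memcpy", REF_MEMCPY)
    index.add("libc:strlen", REF_STRLEN)
    return index


if __name__ == "__main__":
    idx = build_reference_index()
    for func, match in triage(idx, SAMPLE).items():
        print(f"{func}: {'library match ' + match if match else 'no match, candidate unique code'}")
```

The point of the sketch is that a query costs one signature comparison per indexed function (or, with locality-sensitive banding on top, far fewer) instead of a full set intersection, and the signatures are fixed-size regardless of function size. Two caveats carry over to any real deployment: the estimate has variance of roughly J(1-J)/k, so the number of hash functions k bounds how fine a threshold is meaningful, and the quality of the result depends entirely on how robust the extracted features are to compiler and optimisation differences.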

