From: An emerging threat Fileless malware: a survey and research challenges
| Challenges | File-based malware | Fileless malware |
|---|---|---|
| 1. Detection and collection | Malicious files are available on disk and are detected by AV solutions. | Since the malicious files are unavailable, in-depth memory analysis is required to identify the malicious programs running in memory and to collect malicious patterns as evidence. |
| 2. Examination | Perform static and dynamic analysis of the malicious sample to extract indicators of compromise (IOCs). | To establish and validate the attack, all pieces of evidence, such as network events, the logs of all security tools, and the hosts themselves, must be examined. |
| 3. Analysis & investigation | Correlate the intention of the attacker from the IOCs and investigate the attacker's IP by mapping it with IP geolocation. | Correlate the intention of the attacker from the IOCs and investigate the attacker's IP by mapping it with IP geolocation. |
| 4. Incident response | An accurate response to the malicious activity should be communicated to mitigate the threat. | An accurate response to the malicious activity should be communicated to mitigate the threat. |
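Rows 1 and 2 of the table make the point that, without a file to hand to an AV engine, the investigator has to reconstruct the attack by correlating per-process evidence from the host, the security tools and the network. The following is an added example written for this page, not code from the surveyed paper: it correlates constructed, Sysmon-like event records (the record shape, the script-host list and the indicator threshold are all assumptions) by process id, decodes a PowerShell `-EncodedCommand` payload as the "malicious pattern collected from memory", and emits the IOCs (remote endpoint, decoded script) that row 3 would feed into further investigation.

```python
"""Correlate host, security-tool and network evidence per process to
establish a fileless-execution candidate and extract its IOCs.
Added example; event records below are constructed, not real telemetry."""
import base64
import re
from collections import defaultdict
from typing import Any, Dict, List

# Hosts that commonly execute code straight from memory (assumed list).
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
# Command-line fragments worth surfacing as evidence (assumed, not exhaustive).
SUSPICIOUS_PATTERNS = re.compile(
    r"Invoke-Expression|IEX|DownloadString|FromBase64String", re.IGNORECASE)
# Number of independent indicators before a process is reported (assumed).
MIN_INDICATORS = 3

# Constructed encoded command: PowerShell -enc carries base64 of UTF-16LE text.
_STAGE = "Invoke-Expression $stage"  # placeholder script body, constructed
_ENC = base64.b64encode(_STAGE.encode("utf-16le")).decode("ascii")

# Constructed sample events from three sources: host (process/file),
# network sensor (connections) and a security tool (alerts).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"ts": 1, "type": "process_create", "pid": 4100, "parent_image": "WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}"},
    {"ts": 2, "type": "network_connect", "pid": 4100, "dest": "203.0.113.5:443"},
    {"ts": 3, "type": "security_alert", "pid": 4100, "detail": "script content blocked"},
    {"ts": 4, "type": "process_create", "pid": 4200, "parent_image": "explorer.exe",
     "image": r"C:\Windows\notepad.exe", "cmdline": "notepad.exe"},
    {"ts": 5, "type": "file_create", "pid": 4200, "path": r"C:\Users\u\notes.txt"},
    {"ts": 6, "type": "process_create", "pid": 4300, "parent_image": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"ts": 7, "type": "file_create", "pid": 4300, "path": r"D:\backup\2024.zip"},
]


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' if none/undecodable."""
    m = re.search(r"-(?:encodedcommand|enc|e)\b\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def correlate(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Group evidence by pid across sources and report processes that show
    enough independent fileless-execution indicators."""
    procs: Dict[int, Dict[str, Any]] = {}
    evidence = defaultdict(lambda: {"files_written": [], "network": [], "alerts": []})
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        if ev["type"] == "process_create":
            procs[pid] = ev
        elif ev["type"] == "file_create":
            evidence[pid]["files_written"].append(ev["path"])
        elif ev["type"] == "network_connect":
            evidence[pid]["network"].append(ev["dest"])
        elif ev["type"] == "security_alert":
            evidence[pid]["alerts"].append(ev["detail"])

    findings = []
    for pid, proc in procs.items():
        ev = evidence[pid]
        image = proc["image"].lower().rsplit("\\", 1)[-1]
        decoded = decode_encoded_command(proc["cmdline"])
        indicators = []
        if image in SCRIPT_HOSTS:
            indicators.append("script host")
        if decoded:
            indicators.append("encoded command")
        # Search the decoded script if present; the raw base64 blob could
        # match keywords by accident, so it is not searched directly.
        hit = SUSPICIOUS_PATTERNS.search(decoded or proc["cmdline"])
        if hit:
            indicators.append(f"pattern:{hit.group(0)}")
        if ev["network"] and not ev["files_written"]:
            indicators.append("network activity with no file written")
        if ev["alerts"]:
            indicators.append("security tool alert")
        if len(indicators) >= MIN_INDICATORS:
            findings.append({
                "pid": pid, "image": image, "parent": proc["parent_image"],
                "indicators": indicators, "alerts": ev["alerts"],
                "iocs": {"remote": ev["network"], "decoded_command": decoded},
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"pid {f['pid']} ({f['image']}, parent {f['parent']}): {', '.join(f['indicators'])}")
        print("  IOCs:", f["iocs"])
```

The threshold matters: pid 4300 is also PowerShell but writes a file and shows no other indicator, so it is not reported, while pid 4100 is reported only because the host, network and security-tool sources each contribute evidence. The decoded command and remote endpoint are what an analyst would then carry into the investigation step, and the per-pid evidence bundle is the record row 2 says must be assembled when no sample file exists.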