公开(公告)号：US20240386109A1

公开(公告)日：2024-11-21

申请号：US18667819

申请日：2024-05-17

Applicant: CrowdStrike, Inc.

Inventor： George Robert Kurtz ,  Dmitri Alperovitch ,  Amol Kulkarni ,  Jan Miller ,  Daniel Radu

IPC: G06F21/56 ,  G06F21/57

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.

公开(公告)号：US12013941B2

公开(公告)日：2024-06-18

申请号：US17255958

申请日：2019-06-28

Applicant: CrowdStrike, Inc.

Inventor： George Robert Kurtz ,  Dmitri Alperovitch ,  Amol Kulkarni ,  Jan Miller ,  Daniel Radu

IPC: G06F21/56 ,  G06F21/00 ,  G06F21/57

CPC classification number: G06F21/566 ,  G06F21/567 ,  G06F21/577 ,  G06F2221/034

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.

公开(公告)号：US20210117544A1

公开(公告)日：2021-04-22

申请号：US17255958

申请日：2019-06-28

Applicant: CrowdStrike, Inc.

Inventor： George Robert Kurtz ,  Dmitri Alperovitch ,  Amol Kulkarni ,  Jan Miller ,  Daniel Radu

IPC: G06F21/56

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.