Abstract
Malware Analysis Management (M.A.M.) or the automated sandbox analysis of quarantined malware samples focuses on a detailed analysis of malware samples reaching CERN through email traffic. M.A.M. is a side process of the main email pipeline that listens to alerts posted by FireEye EX appliances when a malicious email is detected. Apart from sorting out new malware samples, M.A.M. utilizes advanced sandbox technologies like Joe Sandbox Cloud to deep analyse the most interesting and important malware artefacts in order to gather detailed Indicators of Compromise (IOCs) information. In addition to the analysis and management of malware samples, CERN as a responsible member of the security threat intelligence community takes advantage of platforms like MISP to share the threat intelligence gathered by the project. M.A.M., a real-time daemon running persistently on a dedicated VM, is now an addition to the other security and defence strategies deployed at CERN for email security.
