Rec. ITU-T X.1218 (10/2020) Requirements and guidelines for dynamic malware analysis in a sandbox environment
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Threat scenarios
     6.1 Targeted/customized malware threat
     6.2 Phishing email threat
     6.3 Instant messaging propagation threat
     6.4 Web browsing or downloading threat
     6.5 Supply chain attack threat
     6.6 Ransomware threat
     6.7 Fileless malware threat
7 Sandbox technology
8 General requirements and guidelines on sandbox
     8.1 Comprehensive analysis environment
     8.2 Identification of disguised file types
     8.3 Isolation from the outside
     8.4 Resistance to evasion
     8.5 Separate Internet access
     8.6 Scalability of analysis and management
9 Further requirements and guidelines on dynamic behaviour analysis
     9.1 High level of visibility into malware behaviour
     9.2 Behaviour granularity capture and analyse
     9.3 Record of API calls
     9.4 Action abstraction
     9.5 Ability to decompress compressed files
     9.6 Analysis of derivative files
     9.7 Threat determination
Bibliography