Big data malware analysis response solution

MINOSS has been selected as an excellent information security technology for 2021 by KISA.

More sophisticated,
growing cyber threats

Increased sandbox circumvention techniques

The rise of sandbox evasion techniques has shown that sandboxes alone are not enough to combat advanced threats.

Increase in document-based cyberthreats

Document-based malware, which hides malicious code inside documents rather than in executable files such as EXEs, is on the rise.

MINOSS is an analytical response solution
that prevents security incidents by collecting and
learning cyber threat DNA to block cyber threats.

MINOSS Overview

Product name

MINOSS V2.0

Certification

GS Certification Grade 1 [20-0362]

Related patents

No. 10-2081867

[Method for constructing an inverted index, and method and apparatus for retrieving similar data using an inverted index]

Overview

A solution that analyzes malicious files of specific formats using an analysis DB

MINOSS Configuration Diagram

[Image: MINOSS configuration diagram]

MINOSS Features

Support for generating IDA-based function code block information

  • Generates function-level code block information for a malware sample
  • Creates code blocks from the IDB database files produced by IDA, a malware analysis tool
  • Renamed function names are reflected in the generated code blocks
  • The generated code block information is linked to sample and incident information
  • ※ IDA is software used by the incident analysis unit and requires separate support for that software

Support for analyzing function code block information

  • (1:1): Compares two samples one to one; the result shows the percentage of similarity and related details
  • (1:N): Searches samples and incidents by comparing the generated code blocks against all stored function code blocks
  • (N:N): Compares all function code blocks of the uploaded sample against all stored code block information
  • Supports comparison of malware code block information at the assembly-language level

Information extraction features

  • Extracts string information from files, such as plain strings and HTTP addresses
  • Tracks malware inside compressed archives
    (ALZ, EGG, ZIP, CAB, RAR, TAR, etc.)

Malware detection using tags

  • Searches for information similar to the related information registered in the DB, ranked by similarity

MS-Office File Static Analysis Features

  • Outputs meta information and body content of Word (doc/docx), Excel (xls/xlsx), and PowerPoint (ppt/pptx) files
  • Supports viewing the source of macros embedded in document files

Provide executable (PE) file static analysis information

  • Outputs and tracks executable (PE) file meta information
  • Provides Import/Export API, section, and digital signature information
  • Supports viewing the disassembly of PE files

HWP file static analysis features

  • Analyzes the OLE file structure (Storage, Stream, etc.) inside documents
  • Supports decompression of compressed HWP OLE streams
  • Viewer for the HWP document body, images, and internal tips
  • Checks vulnerability information for Hangul 3.x/5.x format documents
  • Supports output and tracking of document meta information

Support for file information output and search types

  • Similar malware, hash values (MD5, SHA1, SHA256), tag information, etc.
  • Ensures code integrity by checking the hash of each code block
  • Checks code and file details
  • For PE files, checks similarity measurement results on a per-function basis

Malware detection with artificial intelligence

  • Learns whether function opcode sequences are malicious or benign using the VDCNN algorithm
    (applied to Windows and Linux executables)
  • Provides the locations of malicious opcodes using LIME
  • Continuously applies learning results

The MINOSS Concept

Just as criminals can change their appearance but not their DNA, cyber threats have their own DNA. MINOSS is a technology that analyzes and learns the DNA of cyber threats to proactively prevent them.

[Image: The MINOSS technology concept]

Core Competitiveness of MINOSS

1) Collecting a large amount of data (more than 200,000 domestic and international cases per day)
2) Data classification technology and DB construction (many years of R&D and project experience)
3) Technology to quickly analyze and block similarities (patented)

[Image: Core competitiveness of MINOSS]

Cyber Threat Data from MINOSS: how it is collected, learned, and detected

[Image: MINOSS cyber threat collection, learning, and detection process]

Collecting tons of samples domestically and internationally
(about 200,000 per day)

[Image: Collecting numerous samples domestically and internationally]

Similarity analysis techniques

Most new malware variants are minor modifications of previously written source code.
Measuring code similarity therefore helps identify new variants of known malware.

[Image: Classification and sorting technology]

Because each block is hashed separately, if the contents of block 2 differ even slightly, only the hash value of block 2 changes.
This means that if only 1 out of 10 blocks is different, the similarity is 90%.

Quick similarity check

Finding the most similar files would normally require comparing against every hash in the DB, but we've found a way around that.

[Image: Fast similarity search]

We devised a method to quickly measure how similar a given file is to the files in the DB.

Method for constructing an inverted index, method and apparatus for retrieving similar data using an inverted index
[Patent No. 10-2081867]
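The two ideas above (per-block hashing so that one changed block changes one hash, and an inverted index so that only files sharing at least one block hash are scored) can be shown together in a small working example. The code below is an added illustration, not MINOSS's implementation or the patented method: it assumes fixed-size 16-byte blocks as a stand-in for function code blocks, SHA-256 as the block hash, position-wise comparison as the similarity measure, and constructed sample bytes in place of real malware.

```python
import hashlib
from collections import defaultdict

BLOCK_SIZE = 16  # assumed block size; the page does not say how blocks are delimited


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Split a byte string into fixed-size blocks (stand-in for function code blocks)."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def block_hashes(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Hash every block on its own, so a change in one block alters only that block's hash."""
    return [hashlib.sha256(b).hexdigest() for b in split_blocks(data, block_size)]


def similarity(hashes_a: list, hashes_b: list) -> float:
    """Fraction of block positions whose hashes agree (9 of 10 identical blocks -> 0.9)."""
    n = max(len(hashes_a), len(hashes_b))
    if n == 0:
        return 1.0
    matches = sum(1 for a, b in zip(hashes_a, hashes_b) if a == b)
    return matches / n


class InvertedIndex:
    """Maps each block hash to the set of file ids containing it (posting list)."""

    def __init__(self) -> None:
        self.postings = defaultdict(set)  # block hash -> {file_id, ...}
        self.files = {}                   # file_id -> list of block hashes

    def add(self, file_id: str, hashes: list) -> None:
        self.files[file_id] = hashes
        for h in hashes:
            self.postings[h].add(file_id)

    def candidates(self, hashes: list) -> dict:
        """Count how many of the query's block hashes each stored file shares."""
        hits = defaultdict(int)
        for h in set(hashes):
            for file_id in self.postings.get(h, ()):  # .get avoids creating empty postings
                hits[file_id] += 1
        return dict(hits)

    def most_similar(self, hashes: list, top_k: int = 3) -> list:
        """Score only the candidate files found through the index, never the whole DB."""
        scored = [(fid, similarity(self.files[fid], hashes)) for fid in self.candidates(hashes)]
        scored.sort(key=lambda item: (-item[1], item[0]))
        return scored[:top_k]


# Constructed sample data: 10 blocks of 16 bytes, a variant with one byte changed in
# block 2, and an unrelated file that shares no block with the original.
ORIGINAL = bytes(range(160))
_variant = bytearray(ORIGINAL)
_variant[20] ^= 0xFF  # byte 20 lies in block 2 (blocks 1..10 in the page's numbering)
VARIANT = bytes(_variant)
UNRELATED = bytes([0xAA]) * 160


def build_demo_index() -> InvertedIndex:
    """Index the known samples; a real DB would hold one entry per collected sample."""
    idx = InvertedIndex()
    idx.add("sample_A", block_hashes(ORIGINAL))
    idx.add("sample_B", block_hashes(UNRELATED))
    return idx


if __name__ == "__main__":
    idx = build_demo_index()
    query = block_hashes(VARIANT)
    print("shared blocks per candidate:", idx.candidates(query))
    print("ranked similarity:", idx.most_similar(query))
```

The query touches only the posting lists of its own block hashes, so a file that shares no block with the query (sample_B here) is never scored at all; with one block of ten changed, the variant is reported at 0.9 similarity to the original, matching the 90% figure described above.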

Best Information Security Technology of 2021

MINOSS has been selected as the Best Information Security Technology of 2021 by KISA.

[Image: Nurilab selected for the 2021 Excellent Information Security Technology award]

Malware analysis tool using reversing technology

For malware analysts, MINOSS provides malware analysis information through MINOSS Web, and provides information on the functions used in a malware sample through function similarity comparison by integrating with IDA Pro (via a plugin).

[Image: Malware analysis tool using reversing technology]

※ Reversing technology is used to analyze the structure and core algorithms of malicious programs and to devise countermeasures.

Technologies and Products Derived from MINOSS

Contents Disarm & Reconstruction (CDR)

  • Counters document-based attacks; non-PE file forgery detection and integrity verification
  • Contents Disarm & Reconstruction (CDR)

Blocking scam emails using social engineering

  • Detects and blocks mail that uses social engineering techniques, such as look-alike domains and impersonation mail

Extract and search for text in documents and repair corrupt files

  • Supports multiple document formats used domestically and internationally
  • Used for personal information and internal document leakage prevention, and for search engines

Virus, ransomware protection, Windows filesystem drivers

  • Develops and deploys the open source antivirus engine Kicom
  • Blocks, defends against, and restores from ransomware activity
  • Windows file and folder tracking, auditing, reporting, and monitoring

HWP vulnerability scanning

  • Understands the structure of HWP (Hangul) documents using reversing techniques
  • Detects vulnerabilities in HWP documents

AI learning-based harmful image/keyword analysis

AI Image/Keyword Filter

  • Image/keyword processing technology
  • Identifies profanity, slurs, and banned keywords in community and BBS posts, including banned words written to bypass filters