ECOLE POLYTECHNIQUE MONTREAL (QUEBEC) MONTREAL Canada
This is the final report for the research and development project between the Royal Canadian Mounted Police (RCMP) and l'École Polytechnique de Montréal. The principal objective of this project was to produce a blueprint for a Cyber Intelligence Analysis Platform (CIAP), which has advanced capabilities to study sophisticated cyber threats in a secure environment. This report presents a how-to guide detailing all the key steps to build a CIAP that automates the execution and analysis of complex malware samples. The CIAP follows the design implemented at l'École Polytechnique de Montréal's SecSI Cyber Security Laboratory, which has been used to emulate and study real-world botnets at scale in an isolated environment. In particular, the SecSI's cluster has generated a 3000-node Waledac botnet, which enabled researchers to understand the complex command and control infrastructure used to operate it.