公开(公告)号：EP3506141B1

公开(公告)日：2021-02-17

申请号：EP18197668.9

申请日：2018-09-28

发明人： Jas, Frank ,  Gong, Fengmin

IPC分类号： G06F21/56

公开(公告)号：EP3352110B1

公开(公告)日：2020-04-01

申请号：EP18153061.9

申请日：2018-01-23

申请人： Cyphort Inc.

发明人： MOHANTA, Abhijit ,  SALDANHA, Anoop Wilbur

IPC分类号： G06F21/56 ,  G06F21/53 ,  H04L29/06

公开(公告)号：EP3108401A4

公开(公告)日：2017-08-09

申请号：EP15752745

申请日：2015-02-23

申请人： CYPHORT INC

发明人： BURT ALEXANDER ,  BILOGORSKIY NICK ,  NAVARAJ MCENROE ,  JAS FRANK ,  HAN LIANG ,  TING YUCHENG ,  KENYAN MANIKANDAN ,  GONG FENGMIN ,  GOLSHAN ALI ,  SINGH SHISHIR

IPC分类号： G06F21/56

CPC分类号： G06F21/566 ,  G06F2221/034 ,  H04L63/1441 ,  H04L63/145

摘要： A system configured to detect malware is described. The system configured to detect malware including a data collector configured to detect at least a first hypertext transfer object in a chain of a plurality of hypertext transfer objects. The data collector further configured to analyze at least the first hypertext transfer object for one or more events. And, the data collector configured to generate a list of events based on the analysis of at least the first hypertext transfer object.

摘要翻译： 描述了配置为检测恶意软件的系统。 所述系统被配置为检测恶意软件，所述恶意软件包括被配置为检测多个超文本传输​​对象的链中的至少第一超文本传输​​对象的数据收集器。 数据收集器还被配置为至少分析第一超文本传输​​对象以查找一个或多个事件。 并且，数据收集器被配置为基于对至少第一超文本传输​​对象的分析来生成事件列表。

公开(公告)号：EP3591558A1

公开(公告)日：2020-01-08

申请号：EP19192148.5

申请日：2015-02-23

申请人： Cyphort Inc.

发明人： BURT, Alexander ,  BILOGORSKIY, Mikola ,  NAVARAJ, McEnroe ,  JAS, Frank ,  HAN, Liang ,  TING, Yucheng ,  KENYAN, Manikandan ,  GONG, Fengmin ,  GOLSHAN, Ali ,  SINGH, Shishir

IPC分类号： G06F21/56 ,  H04L29/06

摘要： A system configured to detect malware is described. The system configured to detect malware including a data collector configured to detect at least a first hypertext transfer object in a chain of a plurality of hypertext transfer objects. The data collector further configured to analyze at least the first hypertext transfer object for one or more events. And, the data collector configured to generate a list of events based on the analysis of at least the first hypertext transfer object.

公开(公告)号：EP3374871A1

公开(公告)日：2018-09-19

申请号：EP16864949.9

申请日：2016-11-09

申请人： Cyphort, Inc.

发明人： GONG, Fengmin ,  BURT, Alexander ,  JAS, Frank

IPC分类号： G06F11/00

CPC分类号： G06F11/00 ,  G06F21/566 ,  H04L63/1416

摘要： A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.

公开(公告)号：EP3108401A1

公开(公告)日：2016-12-28

申请号：EP15752745.8

申请日：2015-02-23

申请人： Cyphort Inc.

发明人： BURT, Alexander ,  BILOGORSKIY, Nick ,  NAVARAJ, McEnroe ,  JAS, Frank ,  HAN, Liang ,  TING, Yucheng ,  KENYAN, Manikandan ,  GONG, Fengmin ,  GOLSHAN, Ali ,  SINGH, Shishir

IPC分类号： G06F21/56

摘要： A system configured to detect malware is described. The system configured to detect malware including a data collector configured to detect at least a first hypertext transfer object in a chain of a plurality of hypertext transfer objects. The data collector further configured to analyze at least the first hypertext transfer object for one or more events. And, the data collector configured to generate a list of events based on the analysis of at least the first hypertext transfer object.

公开(公告)号：EP2774038B1

公开(公告)日：2016-06-22

申请号：EP12844780.2

申请日：2012-11-05

申请人： Cyphort, Inc.

发明人： GOLSHAN, Ali ,  BINDER, James, S.

IPC分类号： G06F21/55 ,  G06F11/00 ,  G06F11/36 ,  G06F9/455 ,  G06F21/53 ,  H04L29/06 ,  G06F21/56

CPC分类号： G06F21/566 ,  G06F9/45541 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/552 ,  G06F21/554 ,  G06F21/567 ,  G06F2009/45587 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145 ,  H04L2463/144

摘要： Systems and methods for virtualization and emulation malware enabled detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment to the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

公开(公告)号：EP2774039A4

公开(公告)日：2015-11-11

申请号：EP12845692

申请日：2012-11-05

申请人： CYPHORT INC

发明人： GOLSHAN ALI ,  BINDER JAMES S

IPC分类号： G06F11/00 ,  G06F9/455 ,  G06F11/36 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  H04L29/06

CPC分类号： G06F21/566 ,  G06F9/45541 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/552 ,  G06F21/554 ,  G06F21/567 ,  G06F2009/45587 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145 ,  H04L2463/144

摘要： Systems and methods for virtualization and emulation malware enabled detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment to the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

公开(公告)号：EP3093762B1

公开(公告)日：2020-01-08

申请号：EP16167215.9

申请日：2012-11-05

申请人： Cyphort, Inc.

发明人： GOLSHAN, Ali ,  BINDER, James, S

IPC分类号： G06F11/00 ,  G06F11/36 ,  G06F9/455 ,  G06F21/53 ,  H04L29/06 ,  G06F21/56 ,  G06F21/55

公开(公告)号：EP3506141A1

公开(公告)日：2019-07-03

申请号：EP18197668.9

申请日：2018-09-28

申请人： Cyphort Inc.

发明人： Jas, Frank ,  Gong, Fengmin

IPC分类号： G06F21/56

摘要： A device may include one or more memories; and one or more processors, communicatively coupled to the one or more memories, to receive a query for data stored by a database; generate an abstract syntax tree based on the query; determine whether the abstract syntax tree matches a list, where the list identifies one or more abstract syntax trees corresponding to queries or types of queries; and selectively perform an action based on whether the abstract syntax tree matches the entry of the list.