Hello and welcome to the Thursday, March 27th,

2025 edition of the Sands and then at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

It's always great when students are able to apply what they're learning in their classes,

and we have a great example here from one of our undergraduate interns.

We can join.

And we did write about how to classify matter using machine learning.

And it's in, I think, a pretty interesting novel way.

Also, the diary itself that we wrote this and lots of details so really also enables you

to apply some of these techniques to samples and such that you may have in your

environment the goal of this particular work was to classify Malvern, so not to figure out is it malicious or not so much as to what type of malvern it is.

And that's, of course, with these underrated interns, as part of the internship, they're looking at honeypot data you end up

with a ton of malware there and the difficult part is sometimes how to sort of triage it and

deal just with the sheer volume of data so this particular model was then able to distinguish between

like simple troppers download downloaders, backdoors,

ransomware, throchins, viruses, and worms, also information stealers, was another category

that we looked at. And well, it worked actually really well with detection sort of in the 90% correct range. Of course

there are always a piece of malware that may be somewhat in between and well again lots of

details here in the diary if you're interested in these type of techniques. I think really

educational piece and very thorough the work being done here.

And imagine that we still have malicious packages. NPM packages in particular, and there is a

good new blog post by Lugia Valentic with reversing labs. She looked into the Ether's provider two packages, which was recently

...