CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA.

Malware Next-Gen is a malware analysis platform that examines malware samples for suspicious artifacts. It was originally designed to allow U.S. federal, state, local, tribal, and territorial government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools.

Yesterday, CISA released a new version of the system that allows any organization or person to submit files to the system.

"The Cybersecurity and Infrastructure Security Agency (CISA) announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis," reads the announcement.

"Malware Next-Gen allows CISA to more effectively support our partners by automating analysis of newly identified malware and enhancing the cyber defense efforts."

Malware Next-Gen is designed to handle the growing workload of cyber-threat analysis by offering advanced and reliable analysis on a scalable platform featuring multilevel containment capabilities for automatic analysis of potentially malicious files or URLs.

CISA's Executive Assistant Director for Cybersecurity, Eric Goldstein, sees this new platform as a contributor to the national cybersecurity and critical infrastructure bolstering efforts.

Goldstein hopes that Malware Next-Gen will streamline processes that allow the agency to hunt for new threats and analyze, correlate, and enrich data that's valuable in cyber-threat response operations.

Availability

Malware Next-Gen was made available to a limited number of government organizations since November 2023, leading to the identification of 200 suspicious or malicious files and URLs from 1,600 submissions.

CISA encourages all organizations, security researchers, and individuals to register and submit suspicious files to the platform for analysis, which requires registration with a login.gov account.

Submitted files are analyzed in a secure environment employing a combination of static and dynamic analysis tools, and the results are provided in PDF and STIX 2.1 formats.

For those who wish to remain anonymous, there's also an option to submit malware samples through this portal for unregistered users, though analysis results won't be made available to them.

Anonymous sample submission
Anonymous sample submission (BleepingComputer)

However, only CISA analysts and other vetted people will have access to the malware analysis reports generated by the system. Therefore, if you wish to receive an immediate analysis of a suspicious file, VirusTotal remains an excellent option.

Finally, CISA warns users to refrain from attempting to misuse the system, waive any privacy expectations, and ensure that the information they submit on the platform does not contain classified data.


Update 4/17: CISA has provided BleepingComputer with some clarifications over how the system works and what the goal or benefits of using the platform are. These are summarized below:

  • CISA updated their "Malware Next-Generation" platform to include enhanced capabilities for automated malware analysis, expanded support for multiple file types, and updated tactics and techniques for analyzing malware.
  • Registration on CISA’s platform is open to government entities, critical infrastructure organizations, and cybersecurity groups, while the platform is now also accessible to partners beyond federal and SLTT government entities.
  • Any member of the public can submit a malware sample to CISA. Registered users who submit samples will receive a detailed report on CISA's analysis, while other submissions contribute to broader cyber defense efforts without direct feedback.
  • The Malware Next Gen system is not intended to replace commercial services like VirusTotal. Instead, it serves as an additional resource for national cyber defense and provides specialized malware analysis for public and private stakeholders.

Related Articles:

Hackers attack HFS servers to drop malware and Monero miners

Infostealer malware logs used to identify child abuse website members

US Commerce Dept Shares Tips On Securing Virtual Meetings

Cisco warns of NX-OS zero-day exploited to deploy custom malware

New Unfurling Hemlock threat actor floods systems with malware