BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2025//talk//SB7BEZ
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2025-SB7BEZ@cfp.pass-the-salt.org
DTSTART;TZID=CET:20250701T163000
DTEND;TZID=CET:20250701T170500
DESCRIPTION:The Datadog Threat Research team routinely collects and analyze
 s potential malware samples from multiple sources such as honeypots\, inte
 lligence shared by partners and intel contacts\, internal security inciden
 ts or Guarddog sourced malicious packages.\n\nFrom these malware analyses\
 , we extract Indicators of Compromise (IoCs)\, such as malicious IP addres
 ses\, domains\, file hashes and other atomic indicators. For example\, a c
 loud crypto-jacking campaign could involve malicious container images asso
 ciated with an attacker-controlled Dockerhub user. Malware in the Docker i
 mages could communicate with a Command and Control (C2) server at a specif
 ic IP. The names of the images\, along with the Dockerhub username and the
  C2 IP would be considered atomic indicators in this case. \n\nWith the in
 crease of daily analyses\, our team had to handle the detonation of variou
 s types of samples and built an automated pipeline from data ingestion to 
 detonation and collection of contextualised IoCs in our TIP. We built our
  pipeline by relying on several Open Source projects including eBPF
  tracers\, Threat Intelligence Platform and malware analysis orchestrator.
  \n\nWith this talk we want to share how we implemented and deployed our
  pipeline and also give feedback and lessons learned while
  implementing it.
DTSTAMP:20260512T160354Z
LOCATION:Amphitheater 122
SUMMARY:End-to-end processing of malware samples using open source technolo
 gies - Frederic Baguelin\, Matt Muir
URL:https://cfp.pass-the-salt.org/pts2025/talk/SB7BEZ/
END:VEVENT
END:VCALENDAR
