The number of malware attacks carried out by embedding malicious code or exploits makes it important to understand the flow of such an attack: where the attack started, what impact it can cause, and how it proceeds, using the Cyber Attack Lifecycle as the analytical method. This research was conducted to determine the flow of a malware attack, where the attack started, and what impact the attack could have, based on Mandiant's Cyber Attack Lifecycle Model. Mandiant's Cyber Attack Lifecycle Model was chosen as the analysis method because it has 8 stages that can cover the entire attack flow, namely initial recon, initial compromise, establish foothold, escalate privileges, internal recon, move laterally, maintain presence, and complete mission. The analysis was carried out on a document file that was indicated to contain malware. The file was sent by someone in Microsoft Excel document format and was analyzed using Mandiant's Cyber Attack Lifecycle Model to find out where the attack started and how the attack flow could occur. The results showed that applying Mandiant's Cyber Attack Lifecycle Model succeeded in covering all the attack paths well, identifying the impact of the attack, and determining where the attack started.
Copyrights © 2022