{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:40:04Z","timestamp":1750502404296,"version":"3.41.0"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,22]],"date-time":"2025-05-22T00:00:00Z","timestamp":1747872000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,5,22]],"date-time":"2025-05-22T00:00:00Z","timestamp":1747872000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01059-3","type":"journal-article","created":{"date-parts":[[2025,5,22]],"date-time":"2025-05-22T11:17:50Z","timestamp":1747912670000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cultivating skilled malware analysts: Clarification of practical malware dynamic analysis through interviews"],"prefix":"10.1007","volume":"24","author":[{"given":"Rei","family":"Yamagishi","sequence":"first","affiliation":[]},{"given":"Shota","family":"Fujii","sequence":"additional","affiliation":[]},{"given":"Takayuki","family":"Sato","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,22]]},"reference":[{"key":"1059_CR1","unstructured":"NETRESEC AB. Networkminer, 2022. URL https:\/\/www.netresec.com\/?page=NetworkMiner. Accessed 19 Dec 2023"},{"key":"1059_CR2","unstructured":"abuse.ch. Malwarebazaar, 2022. URL https:\/\/bazaar.abuse.ch\/. Accessed 19 Dec 2023"},{"key":"1059_CR3","unstructured":"AbuseIPDB. Abuseipdb, 2022. 
URL https:\/\/www.abuseipdb.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR4","doi-asserted-by":"publisher","unstructured":"Afianian, Amir, Niksefat, Salman, Sadeghiyan, Babak, David, Baptiste: Malware dynamic analysis evasion techniques: A survey. ACM Computing Surveys, 52 (6): 126:1\u2013126:28, November 2019. ISSN 0360-0300. URL https:\/\/doi.org\/10.1145\/3365001. Accessed 19 Dec 2023","DOI":"10.1145\/3365001"},{"key":"1059_CR5","unstructured":"National Security Agency. Ghidra, 2022. https:\/\/ghidra-sre.org\/"},{"key":"1059_CR6","unstructured":"akiyan.com. Encodemaniax, 2022. https:\/\/encodemaniax.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR7","unstructured":"AllFreeSoft. Regshot, 2022. https:\/\/all-freesoft.net\/system8\/registry\/regshot\/regshot.html. Accessed 19 Dec 2023"},{"key":"1059_CR8","unstructured":"ANY.RUN. Any.run, 2022. https:\/\/any.run\/. Accessed 19 Dec 2023"},{"key":"1059_CR9","unstructured":"Aonzo, Simone, Han, Yufei, Mantovani, Alessandro, Balzarotti, Davide: Humans vs. machines in malware classification. In Proceedings of USENIX Security Symposium, aug (2023)"},{"key":"1059_CR10","unstructured":"CMAN. Cman, 2022. https:\/\/www.cman.jp\/network\/. Accessed 19 Dec 2023"},{"key":"1059_CR11","unstructured":"X corp. X, 2022. https:\/\/twitter.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR12","unstructured":"The MITRE Corporation. Mitre att&ck, 2022. URL https:\/\/attack.mitre.org\/. Accessed 19 Dec 2023"},{"key":"1059_CR13","unstructured":"crypt0s. Fakedns, 2022. https:\/\/github.com\/Crypt0s\/FakeDns. Accessed 19 Dec 2023"},{"key":"1059_CR14","unstructured":"CyberDefenseInstitute. cdir-collector, 2022. https:\/\/github.com\/CyberDefenseInstitute\/CDIR. 
Accessed 19 Dec 2023"},{"key":"1059_CR15","doi-asserted-by":"publisher","first-page":"2750","DOI":"10.1109\/TIFS.2020.2976559","volume":"15","author":"Daniele Cono D\u2019Elia","year":"2020","unstructured":"D\u2019Elia, Daniele Cono, Coppa, Emilio, Palmaro, Federico, Cavallaro, Lorenzo: On the dissection of evasive malware. IEEE Transactions on Information Forensics and Security 15, 2750\u20132765 (2020). https:\/\/doi.org\/10.1109\/TIFS.2020.2976559","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"1059_CR16","unstructured":"EricZimmerman. Evtxecmd, 2022. https:\/\/github.com\/EricZimmerman\/evtx. Accessed 19 Dec 2023"},{"key":"1059_CR17","doi-asserted-by":"publisher","unstructured":"Feng, Pengbin, Sun, Jianhua, Liu, Songsong, Sun, Kun: Uber: combating sandbox evasion via user behavior emulators. In International Conference on Information and Communications Security, pages 34\u201350. Springer, (2019). https:\/\/doi.org\/10.1007\/978-3-030-41579-2_3","DOI":"10.1007\/978-3-030-41579-2_3"},{"key":"1059_CR18","unstructured":"Stichting Cuckoo Foundation. Cuckoo sandbox, 2022. https:\/\/cuckoosandbox.org\/. Accessed 19 Dec 2023"},{"key":"1059_CR19","unstructured":"GCHQ. Cyberchef, 2022. https:\/\/gchq.github.io\/CyberChef\/. Accessed 19 Dec 2023"},{"key":"1059_CR20","doi-asserted-by":"publisher","unstructured":"Gorecki, Christian, Freiling, Felix C., K\u00fchrer, Marc, Holz, Thorsten: Trumanbox: Improving dynamic malware analysis by emulating the internet. In Proceedings of the 13th International Conference on Stabilization, Safety, and Security of Distributed Systems, pages 208\u2013222, Berlin, Heidelberg, (2011). Springer-Verlag. ISBN 9783642245497. URL https:\/\/doi.org\/10.5555\/2050613.2050630","DOI":"10.5555\/2050613.2050630"},{"key":"1059_CR21","unstructured":"Hatching. Triage, 2022. https:\/\/tria.ge\/. 
Accessed 19 Dec 2023"},{"key":"1059_CR22","doi-asserted-by":"publisher","DOI":"10.1201\/9781410607775","volume-title":"Handbook of cognitive task design","author":"E Hollnagel","year":"2003","unstructured":"Hollnagel, E.: Handbook of cognitive task design. CRC Press (2003)"},{"key":"1059_CR23","unstructured":"Hungenberg, Thomas, Eckert, Matthias: Inetsim: Internet services simulation suite, 2022. https:\/\/www.inetsim.org\/. Accessed 19 Dec 2023"},{"key":"1059_CR24","unstructured":"Ethical Principles Guiding Information and Communication Technology Research. The menlo report, 2012. https:\/\/www.caida.org\/catalog\/papers\/2012_menlo_report_actual_formatted\/menlo_report_actual_formatted.pdf"},{"key":"1059_CR25","unstructured":"Bianco, David J.: The pyramid of pain, 2022. http:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html Accessed 19 Dec 2023"},{"key":"1059_CR26","doi-asserted-by":"publisher","unstructured":"Kirat, Dhilung, Vigna, Giovanni: Malgene: Automatic extraction of malware analysis evasion signature. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 769\u2013780, New York, NY, USA, October 2015. Association for Computing Machinery. ISBN 978-1-4503-3832-5. https:\/\/doi.org\/10.1145\/2810103.2813642. Accessed 19 Dec (2023)","DOI":"10.1145\/2810103.2813642"},{"key":"1059_CR27","unstructured":"Kleymenov, A., Thabet, A.: Mastering Malware Analysis: The Complete Malware Analyst\u2019s Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks. Packt Publishing, 2019. ISBN 9781789610789. https:\/\/books.google.co.jp\/books?id=Nj4txgEACAAJ."},{"key":"1059_CR28","doi-asserted-by":"publisher","unstructured":"Kokulu, F. B., Soneji, A., Bao, T., et al. Matched and mismatched socs: A qualitative study on security operations center issues. In Proc. of the 2019 ACM CCS, pages 1955\u20131970, 2019. ISBN 9781450367479. 
https:\/\/doi.org\/10.1145\/3319535.3354239","DOI":"10.1145\/3319535.3354239"},{"key":"1059_CR29","doi-asserted-by":"publisher","unstructured":"Kurogome, Yuma, Otsuki, Yuto, Kawakoya, Yuhei, Iwamura, Makoto, Hayashi, Syogo, Mori, Tatsuya, Sen, Koushik: Eiger: automated ioc generation for accurate and interpretable endpoint malware detection. In Proceedings of the 35th Annual Computer Security Applications Conference, pages 687\u2013701, 2019. https:\/\/doi.org\/10.1145\/3359789.3359808","DOI":"10.1145\/3359789.3359808"},{"key":"1059_CR30","unstructured":"FSPro Labs. Event log explorer, 2022. https:\/\/eventlogxp.com\/. Accessed 19 Dec (2023)"},{"issue":"1","key":"1059_CR31","doi-asserted-by":"publisher","first-page":"159","DOI":"10.2307\/2529310","volume":"33","author":"J Richard Landis","year":"1977","unstructured":"Richard Landis, J., Koch, Gary G.: The measurement of observer agreement for categorical data. Biometrics 33(1), 159\u2013174 (1977). https:\/\/doi.org\/10.2307\/2529310","journal-title":"Biometrics"},{"key":"1059_CR32","unstructured":"Joe Security LLC. Joe sandbox cloud basic, 2022. https:\/\/www.joesandbox.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR33","unstructured":"malpedia. malpedia, 2022. https:\/\/malpedia.caad.fkie.fraunhofer.de\/. Accessed 19 Dec 2023"},{"key":"1059_CR34","unstructured":"Microsoft. Sysinternals, 2022. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/. Accessed 19 Dec 2023"},{"key":"1059_CR35","doi-asserted-by":"publisher","unstructured":"Miramirkhani, Najmeh, Appini, Mahathi Priya, Nikiforakis, Nick, Polychronakis, Michalis: Spotless sandboxes: Evading malware analysis systems using wear-and-tear artifacts. In 2017 IEEE Symposium on Security and Privacy (SP), pages 1009\u20131024. IEEE, (2017). 
URL https:\/\/doi.org\/10.1109\/SP.2017.42","DOI":"10.1109\/SP.2017.42"},{"key":"1059_CR36","unstructured":"Monnappa, KA.: Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware. Packt Publishing, 2018. ISBN 9781788397520. https:\/\/books.google.co.jp\/books?id=QsNiDwAAQBAJ"},{"key":"1059_CR37","unstructured":"nshalabi. Sysmontools, 2022. https:\/\/github.com\/nshalabi\/SysmonTools. Accessed 19 Dec 2023"},{"issue":"5","key":"1059_CR38","doi-asserted-by":"publisher","first-page":"88:1","DOI":"10.1145\/3329786","volume":"52","author":"Ori Or-Meir","year":"2019","unstructured":"Or-Meir, Ori, Nissim, Nir, Elovici, Yuval, Rokach, Lior: Dynamic malware analysis in the modern era: A state of the art survey. ACM Computing Surveys 52(5), 88:1-88:48 (2019). https:\/\/doi.org\/10.1145\/3329786","journal-title":"ACM Computing Surveys"},{"key":"1059_CR39","unstructured":"Paleari, Roberto, Martignoni, Lorenzo, Passerini, Emanuele, Davidson, Drew, Fredrikson, Matt, Giffin, Jon, Jha, Somesh: Automatic generation of remediation procedures for malware infections. In 19th USENIX Security Symposium (USENIX Security 10), (2010)"},{"key":"1059_CR40","doi-asserted-by":"publisher","unstructured":"Pascanu, Razvan, Stokes, Jack W., Sanossian, Hermineh, Marinescu, Mady, Thomas, Anil: Malware classification with recurrent networks. In 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 1916\u20131920, 2015. https:\/\/doi.org\/10.1109\/ICASSP.2015.7178304","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"1059_CR41","unstructured":"Perdisci, Roberto, Lee, Wenke, Feamster, Nick: Behavioral clustering of http-based malware and signature generation using malicious network traces. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI\u201910, page 26, USA, 2010. 
USENIX Association"},{"issue":"4","key":"1059_CR42","doi-asserted-by":"publisher","first-page":"639","DOI":"10.5555\/2011216.2011217","volume":"19","author":"Konrad Rieck","year":"2011","unstructured":"Rieck, Konrad, Trinius, Philipp, Willems, Carsten: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011). https:\/\/doi.org\/10.5555\/2011216.2011217","journal-title":"J. Comput. Secur."},{"key":"1059_CR43","unstructured":"SecurityTrails. urlscan.io, 2022. https:\/\/urlscan.io\/"},{"key":"1059_CR44","unstructured":"Shodan. Shodan, 2022. https:\/\/www.shodan.io\/. Accessed 19 Dec 2023"},{"key":"1059_CR45","unstructured":"Progress Sitefinity. Fiddler, 2022. https:\/\/www.telerik.com\/fiddler. Accessed 19 Dec 2023"},{"key":"1059_CR46","doi-asserted-by":"publisher","unstructured":"Smith, Michael R., Johnson, Nicholas T., Ingram, Joe B., Carbajal, Armida J., Haus, Bridget I., Domschot, Eva, Ramyaa, Ramyaa, Lamb, Christopher C., Verzi, Stephen J., Kegelmeyer, W Philip: Mind the gap: On bridging the semantic gap between machine learning and malware analysis. In Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, pages 49\u201360, 2020. https:\/\/doi.org\/10.1145\/3411508.3421373","DOI":"10.1145\/3411508.3421373"},{"key":"1059_CR47","unstructured":"SOURCEFORGE. Process hacker, 2022. https:\/\/processhacker.sourceforge.io\/. Accessed 19 Dec 2023"},{"key":"1059_CR48","unstructured":"VirusTotal. Virustotal, 2022. https:\/\/www.virustotal.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR49","unstructured":"VMRay. Vmray, 2022. https:\/\/www.vmray.com\/. Accessed 19 Dec 2023"},{"key":"1059_CR50","doi-asserted-by":"publisher","unstructured":"Votipka, Daniel, Stevens, Rock, Redmiles, Elissa, Hu, Jeremy, Mazurek, Michelle: Hackers vs. testers: A comparison of software vulnerability discovery processes. In 2018 IEEE Symposium on Security and Privacy (SP), pages 374\u2013391, 2018. 
https:\/\/doi.org\/10.1109\/SP.2018.00003","DOI":"10.1109\/SP.2018.00003"},{"key":"1059_CR51","doi-asserted-by":"publisher","unstructured":"Votipka, Daniel, Punzalan, Mary Nicole, Rabin, Seth M., Tausczik, Yla, Mazurek, Michelle L.: An investigation of online reverse engineering community discussions in the context of ghidra. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pages 1\u201320, 2021. https:\/\/doi.org\/10.1109\/EuroSP51992.2021.00012","DOI":"10.1109\/EuroSP51992.2021.00012"},{"key":"1059_CR52","doi-asserted-by":"publisher","unstructured":"Wagner, M., Aigner, W., Rind, A., et al. Problem characterization and abstraction for visual analytics in behavior-based malware pattern analysis. In Proc. of VizSec \u201914, pages 9\u201316, 2014. ISBN 9781450328265. https:\/\/doi.org\/10.1145\/2671491.2671498","DOI":"10.1145\/2671491.2671498"},{"key":"1059_CR53","unstructured":"wireshark. wireshark, 2022. https:\/\/www.wireshark.org\/. Accessed 19 Dec 2023"},{"key":"1059_CR54","doi-asserted-by":"publisher","unstructured":"Wong, Michelle Y., Lie, David: Intellidroid: A targeted input generator for the dynamic analysis of android malware. In Proceedings of the 2016 Symposium on Network and Distributed System Security (NDSS), February 2016. https:\/\/doi.org\/10.14722\/ndss.2016.23118","DOI":"10.14722\/ndss.2016.23118"},{"key":"1059_CR55","doi-asserted-by":"crossref","unstructured":"Yokoyama, Akira, Ishii, Kou, Tanabe, Rui, Papa, Yinmin, Yoshioka, Katsunari, Matsumoto, Tsutomu, Kasama, Takahiro, Inoue, Daisuke, Brengel, Michael, Backes, Michael, et al. Sandprint: Fingerprinting malware sandboxes to provide intelligence for sandbox evasion. In International Symposium on Research in Attacks, Intrusions, and Defenses, pages 165\u2013187. Springer, (2016)","DOI":"10.1007\/978-3-319-45719-2_8"},{"key":"1059_CR56","doi-asserted-by":"publisher","unstructured":"Yong M., W., Landen, M., Antonakakis, M., et al. 
An inside look into the practice of malware analysis. In Proc. of the 2021 ACM CCS, pages 3053\u20133069, (2021). ISBN 9781450384544. https:\/\/doi.org\/10.1145\/3460120.3484759","DOI":"10.1145\/3460120.3484759"},{"issue":"1","key":"1059_CR57","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.diin.2012.04.002","volume":"9","author":"Miao Yu","year":"2012","unstructured":"Yu, Miao, Qi, Zhengwei, Lin, Qian, Zhong, Xianming, Li, Bingyu, Guan, Haibing: Vis: Virtualization enhanced live forensics acquisition for native system. Digital Investigation 9(1), 22\u201333 (2012). https:\/\/doi.org\/10.1016\/j.diin.2012.04.002","journal-title":"Digital Investigation"},{"key":"1059_CR58","doi-asserted-by":"publisher","unstructured":"Zhang, Jialong, Gu, Zhongshu, Jang, Jiyong, Kirat, Dhilung, Stoecklin, Marc, Shu, Xiaokui, Huang, Heqing: Scarecrow: Deactivating evasive malware via its own evasive logic. In 2020 50th Annual IEEE IFIP International Conference on Dependable Systems and Networks (DSN), pages 76\u201387, June (2020). https:\/\/doi.org\/10.1109\/DSN48063.2020.00027","DOI":"10.1109\/DSN48063.2020.00027"},{"issue":"1","key":"1059_CR59","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1109\/JSYST.2018.2828832","volume":"13","author":"C Zhong","year":"2019","unstructured":"Zhong, C., Yen, J., Liu, P., et al.: Learning from experts\u2019 experience: Toward automated cyber security data triage. IEEE Systems Journal 13(1), 603\u2013614 (2019). https:\/\/doi.org\/10.1109\/JSYST.2018.2828832","journal-title":"IEEE Systems Journal"},{"key":"1059_CR60","unstructured":"Zimmerman, Carson. Ten strategies of a world-class cybersecurity operations center. 
MITRE Corporate Communications and Public Affairs, (2014)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01059-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01059-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01059-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:12:05Z","timestamp":1750500725000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01059-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,22]]},"references-count":60,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1059"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01059-3","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,5,22]]},"assertion":[{"value":"22 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"This study involves interviewing participants, is human participant work, and follows informed consent. 
Participants were fully informed in advance of the purpose of the study and how the data would be handled, and were asked to complete a consent form before the study was conducted.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with Ethical Standards"}}],"article-number":"137"}}