Automating some aspects of malware analysis is critical for organizations that process large numbers of malicious programs. Such automation allows analysts to focus on the tasks that require human insights. There are several free toolkits you can use as the starting point for building your own automated malware analysis lab.
- Jim Clausing documented his approach to building an automated behavioral malware analysis environment (PDF), building upon the Truman framework. Jim also provided several scripts to make it easier to make use of this methodology.
- Christian Wojner documented his approach to building a customized malware analysis system, describing the methodology employed at CERT.at. You can download the associated toolkit called Minibis.
There are several other toolkits you may find useful for automating aspects of behavioral malware analysis:
- Cuckoo by Claudio Guarnieri is an open-source toolkit you can install locally for analyzing malicious files.
- Zero Wine by Joxean Koret is a full-featured tool for dynamically analyzing the behavior of Windows malware by running it within the WINE emulator on Linux.
- Buster Sandbox Analyzer by Buster is a wrapper around the Sandboxie tool for Windows, which helps you examine the key actions of applications executed by Sandboxie in your lab.
- Malheur by Konrad Rieck is a very promising tool for analyzing the volumes of data collected by behavioral sandboxes.
- REMnux by yours truly is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software.
- SIFT from Sans
No comments:
Post a Comment