Awesome Malware Analysis


For anyone interested in learning about malware analysis, someone has compiled a list of all sorts of useful malware-related tools. The list is called "Awesome malware analysis". It can be found on the following GitHub page:

https://github.com/rshipp/awesome-malware-analysis

There are many interesting lists on that page; for example, there is a list of various kinds of honeypots:

  • Conpot – ICS/SCADA honeypot.
  • Cowrie – SSH honeypot.
  • Dionaea – Malware honeypot.
  • Glastopf – Web application honeypot.
  • Honeyd – Virtual honeynet.
  • HoneyDrive – Honeypot bundle Linux distro.
  • Mnemosyne – For processing honeypot data.
  • Thug – Low interaction honeyclient.

If you want to find malware samples to study, see here:

Besides that, there are also several Open Source Threat Intelligence tools:

  • AbuseHelper – An open-source framework for receiving and redistributing abuse feeds and threat intel.
  • AlienVault Open Threat Exchange – Share and collaborate in developing Threat Intelligence.
  • Combine – Tool to gather Threat Intelligence indicators from publicly available sources.
  • Fileintel – Pull intelligence per file hash.
  • Hostintel – Pull intelligence per host.
  • IntelMQ – A tool for CERTs for processing incident data using a message queue.
  • IOC Editor – A free editor for XML IOC files.
  • ioc_writer – Python library for working with OpenIOC objects, from Mandiant.
  • Massive Octo Spice – Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
  • MISP – Malware Information Sharing Platform curated by The MISP Project.
  • PassiveTotal – Research, connect, tag and share IPs and domains.
  • PyIOCe – A Python OpenIOC editor.
  • threataggregator – Aggregates security threats from a number of sources, including some of those listed below in other resources.
  • ThreatCrowd – A search engine for threats, with graphical visualization.
  • ThreatTracker – A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
  • TIQ-test – Data visualization and statistical analysis of Threat Intelligence feeds.

A list of some antivirus and malware detection tools

  • AnalyzePE – Wrapper for a variety of tools for reporting on Windows PE files.
  • chkrootkit – Local Linux rootkit detection.
  • ClamAV – Open source antivirus engine.
  • Detect-It-Easy – A program for determining types of files.
  • ExifTool – Read, write and edit file metadata.
  • hashdeep – Compute digest hashes with a variety of algorithms.
  • Loki – Host based scanner for IOCs.
  • Malfunction – Catalog and compare malware at a function level.
  • MASTIFF – Static analysis framework.
  • MultiScanner – Modular file scanning/analysis framework.
  • nsrllookup – A tool for looking up hashes in NIST’s National Software Reference Library database.
  • packerid – A cross-platform Python alternative to PEiD.
  • PEV – A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
  • Rootkit Hunter – Detect Linux rootkits.
  • ssdeep – Compute fuzzy hashes.
  • totalhash.py – Python script for easy searching of the TotalHash.cymru.com database.
  • TrID – File identifier.
  • YARA – Pattern matching tool for analysts.
  • Yara rules generator – Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.

and many more. Feel free to read through them and try them out. Especially for those battling through their PA, there may be one or two tools that could be turned into a topic.

Hope this is useful!
