For anyone interested in learning about malware analysis, someone has compiled a list of all sorts of great malware-related tools. The list is called "Awesome malware analysis". You can find it on the following GitHub page:
https://github.com/rshipp/awesome-malware-analysis
That page contains many interesting lists, for example a list of various kinds of honeypots:
- Conpot – ICS/SCADA honeypot.
- Cowrie – SSH honeypot.
- Dionaea – Malware honeypot.
- Glastopf – Web application honeypot.
- Honeyd – Virtual honeynet.
- HoneyDrive – Honeypot bundle Linux distro.
- Mnemosyne – For processing honeypot data.
- Thug – Low interaction honeyclient.
If you want to find malware samples to study, you can look here:
- Clean MX
- Contagio
- Exploit Database
- Malshare
- MalwareDB
- Open Malware Project
- Ragpicker
- theZoo
- ViruSign
- VirusShare
- Zeltser’s Sources
- Zeus Source Code
Besides that, there are also several open source threat intelligence tools:
- AbuseHelper – An open-source framework for receiving and redistributing abuse feeds and threat intel.
- AlienVault Open Threat Exchange – Share and collaborate in developing Threat Intelligence.
- Combine – Tool to gather Threat Intelligence indicators from publicly available sources.
- Fileintel – Pull intelligence per file hash.
- Hostintel – Pull intelligence per host.
- IntelMQ – A tool for CERTs for processing incident data using a message queue.
- IOC Editor – A free editor for XML IOC files.
- ioc_writer – Python library for working with OpenIOC objects, from Mandiant.
- Massive Octo Spice – Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
- MISP – Malware Information Sharing Platform curated by The MISP Project.
- PassiveTotal – Research, connect, tag and share IPs and domains.
- PyIOCe – A Python OpenIOC editor.
- threataggregator – Aggregates security threats from a number of sources, including some of those listed below in other resources.
- ThreatCrowd – A search engine for threats, with graphical visualization.
- ThreatTracker – A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
- TIQ-test – Data visualization and statistical analysis of Threat Intelligence feeds.
A list of some antivirus and malware detection tools:
- AnalyzePE – Wrapper for a variety of tools for reporting on Windows PE files.
- chkrootkit – Local Linux rootkit detection.
- ClamAV – Open source antivirus engine.
- Detect-It-Easy – A program for determining types of files.
- ExifTool – Read, write and edit file metadata.
- hashdeep – Compute digest hashes with a variety of algorithms.
- Loki – Host based scanner for IOCs.
- Malfunction – Catalog and compare malware at a function level.
- MASTIFF – Static analysis framework.
- MultiScanner – Modular file scanning/analysis framework.
- nsrllookup – A tool for looking up hashes in NIST’s National Software Reference Library database.
- packerid – A cross-platform Python alternative to PEiD.
- PEV – A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
- Rootkit Hunter – Detect Linux rootkits.
- ssdeep – Compute fuzzy hashes.
- totalhash.py – Python script for easy searching of the TotalHash.cymru.com database.
- TrID – File identifier.
- YARA – Pattern matching tool for analysts.
- Yara rules generator – Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.
and many more. Please read through them and try them out. Especially for those working on their final project (PA), there may be one or two tools that could serve as a project topic.
Hope this is useful!