A quick blog post about a module that I wrote to connect the malware analysis framework Viper with the A1000 malware analysis platform from ReversingLabs.
The module currently supports two actions: submitting a new sample for analysis and retrieving the analysis results (categorization):
    viper sample.exe > a1000 -h
    usage: a1000 [-h] [-s] [-c]

    Submit files and retrieve reports from a ReversingLab A1000

    optional arguments:
      -h, --help            show this help message and exit
      -s, --submit          Submit file to A1000
      -c, --classification  Get classification of current file from A1000

    viper sample.exe > a1000 -s
    [*] Successfully submitted file to A1000, task ID: 393846

    viper sample.exe > a1000 -c
    [*] Classification
     - Threat status : malicious
     - Threat name   : Win32.Trojan.Fareit dw eldorado
     - Trust factor  : 5
     - Threat level  : 2
     - First seen    : 2018-02-09T13:03:26Z
     - Last seen     : 2018-02-09T13:07:00Z
The module is available on my GitHub repository.
[The post Viper and ReversingLabs A1000 Integration was first published on /dev/random]
from Xavier