Matteo Lodi

Results: 147 issues of Matteo Lodi

## Name
AILTypoSquatting
## Link
https://github.com/ail-project/ail-typo-squatting
## Type of analyzer
observable -> domain
## Why should we use it
Project similar to DNStwist, it allows extracting potential typosquatted domains...

new_analyzer

We could add .NET-written files in PE_Info and, in case it matches, we could run the package `dotnetfile` (https://github.com/pan-unit42/dotnetfile) to extract static info from it

new_analyzer

## Name
AdGuard
## Link
https://adguard-dns.io/kb/it/general/dns-providers/
## Type of analyzer
this should be used as domain/url analyzer
## Why should we use it
We can get DNS resolution + whether...

new_analyzer

## Name
1 - SURBL_Malicious_Detector
2 - Spamhaus_DBL_Malicious_Detector
## Link
https://www.spamhaus.org/faq/section/Spamhaus%20DBL#271
## Type of analyzer
observable -> domain only
We can check whether a domain is blocked or not by...

new_analyzer

## Name
ProtonDNS
## Link
https://protondns.org/
## Type of analyzer
observables -> domains only. We can also support URLs by extracting the related domain
## Why should we use it
...

new_analyzer

## Name
Malprob
## Link
https://malprob.io
## Type of analyzer
observable (hash) analyzer: hash check: https://malprob.io/api#tag/Searching
and file analyzer: send file for scan in case the hash is not available:...

new_analyzer

## Name
CyCat
## Link
https://cycat.org/about/
## Type of analyzer
generic analyzer:
* if a UUID is submitted, perform UUID lookup
* else perform full text search and then UUID...

new_analyzer

## Name
GoReSym
## Link
https://github.com/mandiant/GoReSym
## Type of analyzer
docker analyzer, to insert in the malware_analysis_tools image
## Why should we use it
This allows extracting useful info...

new_analyzer

A classic ingestor could be one made from a popular file service like Malshare. We could extract the samples from [here](https://malshare.com/doc.php) periodically and send them to be analyzed. CARE: This...

new_ingestor

A classic ingestor could be one made from a popular file service like MalwareBazaar. We could extract the samples from [here](https://bazaar.abuse.ch/api/#latest_additions) periodically and send them to be analyzed. CARE: This...

new_ingestor