2020-01-03 23:36:38 +07:00
|
|
|
# Tools
|
|
|
|
|
### Online Sandbox
|
|
|
|
|
|name|site|remarks|
|
|
|
|
|
|:-|:-|:-|
|
|
|
|
|
|AMAaaS|https://amaaas.com/|apk only|
|
|
|
|
|
|ANYRUN|https://app.any.run/#register||
|
|
|
|
|
|Intezer Analyze|https://analyze.intezer.com/#/||
|
|
|
|
|
|IRIS-H|https://iris-h.services/pages/dashboard|maldoc only|
|
|
|
|
|
|CAPE Sandbox|https://cape.contextis.com/||
|
|
|
|
|
|Joe Sandbox Cloud|https://www.joesandbox.com/||
|
|
|
|
|
|cuckoo|https://cuckoo.cert.ee/||
|
|
|
|
|
|cuckoo|https://sandbox.pikker.ee/||
|
|
|
|
|
|Hybrid Analysis|https://www.hybrid-analysis.com/?lang=ja||
|
|
|
|
|
|ViCheck|https://www.vicheck.ca/submitfile.php||
|
|
|
|
|
|Triage|https://tria.ge/||
|
|
|
|
|
|Yomi Sandbox|https://yomi.yoroi.company/upload||
|
|
|
|
|
|UnpacMe|https://www.unpac.me/#/|online unpacker,beta|
|
|
|
|
|
|
2020-01-12 01:11:09 +07:00
|
|
|
### Unpacker
|
2020-01-12 01:12:15 +07:00
|
|
|
- 攻撃者グループTA505が利用するマルウェア(GetandGoDll, Silence, TinyMet, Azorult, KBMiner, etc.)の静的アンパッカー<br>
|
2020-01-12 01:11:09 +07:00
|
|
|
[TAFOF-Unpacker](https://github.com/Tera0017/TAFOF-Unpacker)
|
|
|
|
|
|
2020-01-04 00:51:36 +07:00
|
|
|
# Doc Analysis
|
2020-01-04 00:51:54 +07:00
|
|
|
- VBA マクロの解析についての資料<br>
|
2020-01-04 00:51:36 +07:00
|
|
|
[Advanced VBA Macros Attack&Defence,BHEU2019](https://www.decalage.info/files/eu-19-Lagadec-Advanced-VBA-Macros-Attack-And-Defence.pdf)<br>
|
2020-01-03 23:36:38 +07:00
|
|
|
|
2020-01-04 00:51:36 +07:00
|
|
|
# Binary Analysis
|
2020-01-03 14:53:28 +07:00
|
|
|
### Symbolic Execurtion
|
|
|
|
|
to do...
|
|
|
|
|
### Taint Analysis
|
|
|
|
|
to do...
|
|
|
|
|
### Decompiler
|
|
|
|
|
### ref:
|
|
|
|
|
- Intel系アーキテクチャSoftware Developer向けのマニュアル<br>
|
|
|
|
|
[Intel® 64 and IA-32 Architectures Software Developer Manuals](https://software.intel.com/en-us/articles/intel-sdm)<br>
|
