Aleph is designed to pipeline the analysis of malware samples. A set of collectors gathers samples from many sources and pushes them into the pipeline. The sample manager then runs a series of plugins against each sample, and each plugin returns the data it extracted as JSON.
That JSON can be processed and queried in a structured way, instead of grepping and regexing through raw tool output.
Go to https://github.com/trendmicro/aleph and grab the code!
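The pipeline shape described above (collector feeds samples in, plugins run against each sample and emit a dict, anything a plugin unpacks goes back onto the queue), as an added example. This is illustrative code written for this page, not Aleph's own implementation: the plugin interface (`applies`/`process` returning a result plus child samples), the `run_pipeline` loop and the `INNER_FILE` bytes are all assumptions made here, and the strings classification is a simple heuristic standing in for the project's StringsPlugin.

```python
import hashlib
import io
import json
import re
import zipfile
from collections import deque

# Constructed stand-in for a collected file (not a real malware sample).
INNER_FILE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://evil.example.com/payload.bin\x00"
    + b"C:\\Windows\\Temp\\dropper.exe\x00"
    + b"kernel32.dll\x00Hello\x00\x01\x02\x03"
)


def make_zip(name, data):
    """Build an in-memory zip archive wrapping `data` (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


class Sample:
    """A unit of work in the pipeline; `parent` links extracted files to their container."""

    def __init__(self, data, parent=None):
        self.data = data
        self.parent = parent
        self.sha256 = hashlib.sha256(data).hexdigest()


class StringsPlugin:
    """Pulls printable ASCII runs and sorts them into all / uri / filename buckets."""

    name = "strings"
    ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
    URI = re.compile(r"^[a-z][a-z0-9+.-]*://\S+$", re.I)
    # Optional drive letter, optional path components, then name.ext (heuristic only).
    FILENAME = re.compile(r"^(?:[A-Za-z]:\\)?(?:[^\s\\/]+[\\/])*[^\s\\/]+\.[A-Za-z0-9]{1,4}$")

    def applies(self, sample):
        return True

    def process(self, sample):
        strings = [m.decode("ascii") for m in self.ASCII_RUN.findall(sample.data)]
        uris = [s for s in strings if self.URI.match(s)]
        names = [s for s in strings if s not in uris and self.FILENAME.match(s)]
        return {"all": strings, "uri": uris, "filename": names}, []


class ZipArchivePlugin:
    """Unpacks zip members and hands them back to the pipeline as new samples."""

    name = "zip"

    def applies(self, sample):
        return sample.data[:4] == b"PK\x03\x04"

    def process(self, sample):
        children, members = [], []
        with zipfile.ZipFile(io.BytesIO(sample.data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                members.append({"name": info.filename, "size": info.file_size})
                children.append(Sample(zf.read(info), parent=sample.sha256))
        return {"members": members}, children


def run_pipeline(root, plugins):
    """Breadth-first over a work queue: every sample a plugin produces goes back on it.
    Returns {sha256: report}, one JSON-serialisable report per distinct sample."""
    queue = deque([Sample(root)])
    reports = {}
    while queue:
        sample = queue.popleft()
        if sample.sha256 in reports:  # same bytes seen before: don't re-analyse
            continue
        report = {"size": len(sample.data), "parent": sample.parent, "plugins": {}}
        for plugin in plugins:
            if not plugin.applies(sample):
                continue
            result, children = plugin.process(sample)
            report["plugins"][plugin.name] = result
            queue.extend(children)
        reports[sample.sha256] = report
    return reports


def main():
    plugins = [ZipArchivePlugin(), StringsPlugin()]
    reports = run_pipeline(make_zip("dropper.bin", INNER_FILE), plugins)
    print(json.dumps(reports, indent=2))
    # A structured query instead of grep: which samples embed a URI?
    print([h for h, r in reports.items() if r["plugins"].get("strings", {}).get("uri")])


if __name__ == "__main__":
    main()
```

Deduplicating on SHA256 before running plugins is what keeps an archive-in-archive or a bomb-style zip from re-queueing the same bytes forever; a real pipeline would also cap extraction depth and total decompressed size.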
- FileCollector: grabs samples from a local directory
- MailCollector: grabs samples from email attachments in an IMAP folder
- PEInfo: extracts information from PE files such as the entrypoint, the number of sections and some PE characteristics (SEH/ASLR/DEP)
- ZipArchivePlugin: extracts zip files and puts their contents back into the analysis queue
- StringsPlugin: extracts strings from a sample into three categories: All Strings, URI Strings and Filename Strings (not 100% accurate, but we do our best)
- VirustotalPlugin: checks a sample's SHA256 hash against the Virustotal database and fetches the report. If that hash does not exist, the file is sent for analysis
- TrID: checks the file type of a sample