###################################################################
A Hierarchical IT2FO (Interval Type-2 Fuzzy Ontology) Model for a Heterogeneous Malware Behavior Analysis Architecture
## Malware Analysis Network in Taiwan <MAN in Taiwan, MiT>
## http://MiT.TWMAN.ORG | <TonTon@TWMAN.ORG> 
## (C) 2015/02/28 TonTon Hsien-De Huang
## MiT README
###################################################################
This project is open source and distributed under the GNU General Public License version 3. Please feel free to add to or modify this source, propose changes or new converters, and reference this website.
###################################################################
Official Website: http://MiT.TWMAN.ORG
Community on Google+: http://X.TWMAN.ORG/Community
SourceForge: http://X.TWMAN.ORG/SourceForge
FaceBook: http://X.TWMAN.ORG/Facebook 
###################################################################
Install / Setup User Guide: please make time to read the instructions below and the Chinese and English blog posts first.
Chinese Version: http://X.TWMAN.ORG/InstallC
English Version: http://X.TWMAN.ORG/InstallE
Server-side automatic install video: https://www.youtube.com/watch?v=U3Jrs-83tYQ
Client-side automatic install video: https://www.youtube.com/watch?v=jafYXci_Yas
(ONE PIECE makes a cameo at 03:40 and 05:10 ... xD)
#########################Chinese - How To################################
===2014/12/31===
Install the server yourself as CentOS 6.5 x64 (two network cards are required); for the clients, choose whatever OS you want (e.g. Windows XP, Windows 7, Android, etc.; PS: building a physical dynamic-analysis environment for Android is not covered here; if you urgently need it, feel free to discuss it separately) ... There is a lot of text below, but basically you MUST first become familiar with DRBL/Clonezilla backup/restore, image creation, diskless Linux, and the boot/reboot commands; then you are guaranteed to be able to build your own heterogeneous "physical cluster malware behavior analysis platform" spanning PC / Android!

==1. Download the latest version, the file "MiT@20150228.tar.gz", and extract it into "/" on your CentOS system; you will then see the following directories and files:


MiT-Server_Auto-Install.sh: initial install/setup script (no VM)
MiT-Server_Auto-VM_Install.sh: initial install script (with VM)
MiT-Server_Auto-VM_Setup.sh: post-install setup script (with VM)
Malware-Sample_MiT: Exes, Queue, Temp; stores samples before and after analysis
Analysis-Report_MiT: stores reports before and after analysis
MiT-Start.sh: script that starts execution on the server side
Server-Toolkit_MiT.zip: related toolkit
Client-Toolkit_MiT.exe
README.txt: this text file
MiT-Run.sh
vt.py

==2. On the server, run (MiT-Server_Auto-Install.sh) or (MiT-Server_Auto-VM_Install.sh and MiT-Server_Auto-VM_Setup.sh); remember to modify the DRBL bridge settings and then reboot (not needed if you are not using VMs). At this point everything should be configured; remember to edit the client batch files and create the restore images you will need.

==3. At the same time, put Client-Toolkit_MiT.exe on the client and run it (video here: https://www.youtube.com/watch?v=jafYXci_Yas). After it runs you will see three installers, CaptureBAT-Setup-2.0.0-5574.exe, drbl-winroll-1.4.0-194-setup.exe and MiT-Client-Installer.exe, plus the batch files used at run time such as ppt.bat and MiT-CaptureBAT.bat; it will also copy the related packages into C:\WINDOWS\System32.

==4. Collect the MAC address of each machine and enter them (examples are provided) into macadr-br0.txt in the extracted Server-Toolkit_MiT and into hosts.conf on the client, for use by drbl and drbl-winroll; for DRBL and drbl-winroll, please refer to the official websites and the related blog posts I wrote.

==5. Confirm that the server can control the clients: this cannot be pre-configured; you need to confirm each client's NIC MAC address and IP, or the VM's DOMAIN, and write the corresponding settings into MiT-Start.sh, which contains examples, including an example of launching a specific client based on a particular file format. On the client side, adjust ppt(pptx/xls/xlsx/doc/docx/pdf).bat, and MiT-CaptureBAT.bat must be started at boot. Also! Remember to edit the command file that controls the DRBL restore!

#########################English - How To################################
Feel free to contact us (TonTon@TWMAN.ORG) if you are interested in collaborating with us.
You can also download the latest version to date, which is " MiT@2014.tar.gz ".

1. Unzip MiT@20150228.tar.gz; you will then see this text file and some directories:
MiT-Server_Auto-Install.sh: install the toolkits for the initial server setup (no VM)
MiT-Server_Auto-VM_Install.sh: install the toolkits for the initial server setup (with VM)
MiT-Server_Auto-VM_Setup.sh: set up the toolkits for the server (with VM)
Malware-Sample_MiT: stores the malicious samples
Analysis-Report_MiT: stores the analysis reports
Client-Toolkit_MiT.exe: sets up the toolkits for the clients
Server-Toolkit_MiT.zip: the toolkits for server install & setup
MiT-Start.sh
MiT-Run.sh
README.txt
vt.py

2. Run MiT-Server_Auto-Install.sh, or MiT-Server_Auto-VM_Install.sh followed by MiT-Server_Auto-VM_Setup.sh; this completes the server install & setup.

3. If you want to run MiT on physical machines, set up the related information (e.g. MAC addresses) for DRBL; if you want to run MiT on virtual machines, set up the related information (e.g. qemu) for libvirtd. By default you need to complete both steps. You also need to prepare the related OS environment (e.g. Windows 7, Windows 7 SP1 ... on the virtual machines / physical machines).

4. When you have finished the steps above, run Client-Toolkit_MiT.exe on the clients; it automatically installs some basic software for the clients. You also need to install CaptureBAT-Setup-2.0.0-5574.exe, drbl-winroll-1.4.0-194-setup.exe and MiT-Client-Installer.exe.

5. Check that you can send messages from the server to control the clients (e.g. open a file with some program, or restore the client image); for this you need to create the clean and run images for the clients with DRBL (physical machines) or set up libvirtd with qemu!
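Step 5 in both the Chinese and English sections leaves two things to the operator: the rule in MiT-Start.sh that picks which client batch file (ppt.bat, pptx.bat, ... pdf.bat) opens a queued sample, and the correctness of the MAC list collected for macadr-br0.txt in step 4. The following POSIX shell example is added here to illustrate both; it is not code from the MiT distribution. The batch file names, the Queue directory and the macadr-br0.txt file name come from this README; the function names, the one-MAC-per-line file layout and the constructed sample inputs are assumptions.

```sh
#!/bin/sh
# Added example, not part of the MiT distribution. It shows a file-format
# dispatch rule of the kind step 5 says MiT-Start.sh contains, plus a sanity
# check of the MAC list from step 4 before DRBL / drbl-winroll consume it.
# ASSUMPTIONS: the function names, the one-MAC-per-line layout and the
# "name.ext" queue layout are this example's, not MiT's.

# Print the client batch file for a sample name, chosen by its extension.
# Returns 1 (and prints nothing) for unsupported or extension-less names,
# so the caller can leave such samples in the queue instead of guessing.
batch_for_sample() {
    name=${1##*/}                      # strip any directory part
    case "$name" in
        *.*) ;;                        # has an extension, keep going
        *)   return 1 ;;               # no extension at all
    esac
    # lower-case the extension so "evil.PDF" dispatches like "evil.pdf"
    ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z')
    case "$ext" in
        ppt|pptx|xls|xlsx|doc|docx|pdf) printf '%s.bat\n' "$ext" ;;
        *) return 1 ;;
    esac
}

# Succeed only for a colon-separated MAC address of six hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read a MAC list (one per line; blank lines and '#' comments skipped) and
# print "<valid> <invalid>" counts, so a typo is caught before a restore
# is sent to the wrong (or no) client.
count_macs() {
    good=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if valid_mac "$line"; then good=$((good + 1)); else bad=$((bad + 1)); fi
    done < "$1"
    printf '%s %s\n' "$good" "$bad"
}

# Walk a queue directory and print "<sample> <batch-file>" for each sample
# that has a handler, or "<sample> UNSUPPORTED" otherwise.
dispatch_queue() {
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        sample=${path##*/}
        if bat=$(batch_for_sample "$sample"); then
            printf '%s %s\n' "$sample" "$bat"
        else
            printf '%s UNSUPPORTED\n' "$sample"
        fi
    done
}

# Stand-alone demo on constructed input: a temporary queue and MAC list
# (the files are empty placeholders, not real samples).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/Queue"
: > "$demo_dir/Queue/invoice.docx"; : > "$demo_dir/Queue/dropper.exe"
printf '00:11:22:aa:bb:cc\n00:11:22:aa:bb:zz\n' > "$demo_dir/macadr-br0.txt"
dispatch_queue "$demo_dir/Queue"
echo "MACs valid/invalid: $(count_macs "$demo_dir/macadr-br0.txt")"
rm -rf "$demo_dir"
```

The dispatch deliberately refuses unknown extensions rather than falling back to a default handler: a sample the analysis client cannot open produces an empty CaptureBAT trace, and it is better to see it flagged in the queue than to file an empty report.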

###################################################################
Thanks for taking the time to read this README.
For more information you may need, please do not hesitate to inform me.
Best regards,

TonTon
###################################################################
Source: README.txt, updated 2015-03-02