33. Tools for Event Analysis
This list of tools will help you with your event analysis.
Used for: File Hashes, Domains, IPs, File Names
Also search for IPs and Domain Names – Examples:
File Name Search – via Google Search:
Windows tool that helps in the initial and static assessment of a file sample (if available)
33.3. APT Custom Search
Custom search engine for APT-related sites
33.4. Hybrid Analysis
Used for: Samples Upload, search for methods and keywords
Used for Sample Upload and more
33.6. Automatic Hash Checks
You can use the Python script munin.py to batch process lists of hash values or even complete THOR log files, as the script automatically extracts the relevant values from each line.
The best option is to use the *.csv files produced after a THOR run as input for the script.
user@unix~:$ cat *.csv >> all-hashes.csv
user@unix~:$ python munin.py -i config.ini -f all-hashes.csv
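The per-line extraction described above can be illustrated with the following added example, which is not taken from munin.py or the THOR documentation. It pulls MD5, SHA-1 and SHA-256 values out of arbitrary lines and de-duplicates them before any lookup; the sample lines and their layout are constructed assumptions, and the function names are hypothetical.

```python
import hashlib
import re

# Hex runs of exactly 64, 40 or 32 characters (SHA-256, SHA-1, MD5). The
# lookarounds reject longer hex runs, so part of a SHA-256 is never
# reported as an MD5.
HASH_RE = re.compile(
    r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{64}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{32})(?![0-9A-Fa-f])"
)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def extract_hashes(lines):
    """Return unique (type, hash) pairs in first-seen order."""
    seen = set()
    found = []
    for line in lines:
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        for match in HASH_RE.finditer(line):
            value = match.group(1).lower()  # same hash in another case is a duplicate
            if value not in seen:
                seen.add(value)
                found.append((HASH_TYPES[len(value)], value))
    return found


def digest(algo, data):
    """Helper that builds sample hash values from constructed input."""
    return hashlib.new(algo, data).hexdigest()


# Constructed sample lines (assumed layout, not real THOR output).
SAMPLE_LINES = [
    "# constructed sample input",
    digest("md5", b"sample-a") + ";C:\\Temp\\sample.exe;85",
    digest("md5", b"sample-a").upper() + ";D:\\Backup\\sample.exe;85",
    "host1 THOR: Warning: FILE: /tmp/x SHA1: " + digest("sha1", b"sample-b")
    + " SHA256: " + digest("sha256", b"sample-b"),
    "no hash here, only a GUID 01234567-89ab-cdef-0123-456789abcdef",
]

if __name__ == "__main__":
    for hash_type, value in extract_hashes(SAMPLE_LINES):
        print(hash_type, value)
```

De-duplicating before submission keeps repeated hits on the same file from consuming lookup quota more than once.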