33. Tools for Event Analysis

This list of tools will help you with your event analysis.

33.1. VirusTotal

Used for: File Hashes, Domains, IPs, File Names
Also search for IPs and Domain Names – Examples:
File Name Search – via Google Search:
inurl:virustotal.com filename

33.2. PEStudio

Windows tool that helps in the initial and static assessment of a file Sample (if available)

33.4. Hybrid Analysis

Used for: Samples Upload, search for methods and keywords

33.5. any.run

Used for Sample Upload and more

33.6. Automatic Hash Checks

You can use the Python script munin.py to batch process lists of Hash values or even complete THOR log files as the script automatically extracts the relevant values from each line. The best option is to use the *.csv files produced after a THOR run and use them as input for the script.

user@unix~:$ cat *.csv >> all-hashes.csv
user@unix~:$ python munin.py –i config.ini –f all-hashes.csv