33. Tools for Event Analysis
This list of tools will help you with your event analysis.
33.1. VirusTotal
Used for: File Hashes, Domains, IPs, File Names
Also search for IPs and Domain Names – Examples:
https://www.virustotal.com/en/domain/DOMAIN/information/
https://www.virustotal.com/en/ip-address/58.158.177.102/information/
File Name Search – via Google Search:
inurl:virustotal.com filename
33.2. PEStudio
Windows tool that helps with the initial static assessment of a file sample (if one is available)
33.3. APT Custom Search
Custom search engine for APT-related sites
33.4. Hybrid Analysis
Used for: Samples Upload, search for methods and keywords
33.5. any.run
Used for Sample Upload and more
33.6. Automatic Hash Checks
You can use the Python script munin.py to batch process lists of hash values or even complete THOR log files, as the script automatically extracts the relevant values from each line.
The best option is to use the *.csv files produced after a THOR run and use them as input for the script.
user@unix~:$ cat *.csv >> all-hashes.csv
user@unix~:$ python munin.py -i config.ini -f all-hashes.csv
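The extraction step that munin.py performs on each input line (pulling MD5, SHA1 and SHA256 values out of arbitrary log or CSV text and de-duplicating them before any lookup) is shown below as an added, stand-alone example. It is not munin's own code and not part of the THOR manual; the THOR-style log lines and the hash values in SAMPLE_LINES are constructed for illustration (the digests are those of the empty file and a repeated-character string).

```python
import re
import sys

# Hex runs of exactly 64, 40 or 32 characters, bounded by non-word characters.
# Longest alternative first so a SHA256 is never split into shorter "matches";
# the \b anchors stop a 64-char digest from also yielding MD5/SHA1 substrings.
HASH_RE = re.compile(r"\b([0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")

# Digest length in hex characters -> algorithm name
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample input: two THOR-like log lines, one CSV-like line and one
# line without any digest. Hash values are the empty-file digests plus a
# made-up repeated-character SHA256.
SAMPLE_LINES = [
    r"Jan 10 12:00:01 HOST1 THOR: Warning: MODULE: Filescan MESSAGE: Suspicious file "
    r"FILE: C:\Temp\sample.exe MD5: d41d8cd98f00b204e9800998ecf8427e "
    r"SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 "
    r"SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    r"Jan 10 12:00:02 HOST1 THOR: Info: MODULE: Init MESSAGE: Scan started",
    "HOST1,Filescan,C:\\Temp\\sample.exe,D41D8CD98F00B204E9800998ECF8427E,"
    + "a" * 64,
]


def extract_hashes(line):
    """Return every digest found in one line, lowercased, in order of appearance."""
    return [m.group(1).lower() for m in HASH_RE.finditer(line)]


def collect_hashes(lines):
    """Map each distinct digest to its algorithm name, keeping first-seen order.

    Case differences (e.g. upper-case MD5 in CSV output) collapse into one entry,
    so the same file is only looked up once later on.
    """
    seen = {}
    for line in lines:
        for digest in extract_hashes(line):
            seen.setdefault(digest, HASH_TYPES[len(digest)])
    return seen


def collect_hashes_from_files(paths):
    """Read the given log/CSV files line by line and collect their digests."""
    def lines():
        for path in paths:
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                yield from fh
    return collect_hashes(lines())


if __name__ == "__main__":
    # With file arguments, process those; otherwise show the constructed sample.
    found = collect_hashes_from_files(sys.argv[1:]) if len(sys.argv) > 1 \
        else collect_hashes(SAMPLE_LINES)
    for digest, algo in found.items():
        print(f"{algo:7} {digest}")
```

Run it with the all-hashes.csv produced above as the argument to get one unique digest per line, ready for a batch lookup. One caveat that applies to munin-style extraction in general: any 32-, 40- or 64-character hex run is treated as a digest, so dashless GUIDs or long hex identifiers in a log line will be picked up too and should be expected among the "unknown" results of a later lookup.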
