I've the pleasure to *finally* unveil the second version of Dorothy: a malware/botnet analysis framework written in Ruby.
Dorothy2 is a framework created for mass malware analysis. Currently, it is mainly based on analyzing the network behavior of a virtual machine where a suspicious executable was executed. However, static binary analysis and system behavior analysis will be shortly introduced in further versions.
We where glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it come with some very powerful new features:
Beta version is out and the install instructions are available at the project webpage. The new features are:
The following figures show the new visualization added to the beta version.
The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage.
At the moment, the following actions are logged during runtime:
One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it's possible to uncrypt statically the content, see picture below.