I published the following diary on isc.sans.edu: “Malware Triage with FLOSS: API Calls Based Behavior”:
Malware triage is a key component of your hunting process. When you collect suspicious files from multiple sources, you need a tool that processes them automatically and extracts useful information. To achieve this task, I’m using FAME, which means “FAME Automates Malware Evaluation”. This framework is very nice due to its plugin-based architecture: you enable the plugins you need. Here is an overview of my configuration…
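The diary's title points at triage based on the API calls a sample references. As an added illustration (not the diary's code, and not FAME's or FLOSS's), the block below takes a list of strings of the kind FLOSS recovers from a sample, maps any Windows API names it finds onto coarse behaviour categories, and derives a simple triage score. The category table, the weights and the sample string list are all constructed assumptions for the example; in practice the strings would come from FLOSS output and the table would be tuned to your own hunting priorities.

```python
"""Added example: behaviour-oriented triage of FLOSS-style string output.

Assumptions (not from the diary): a string list has already been extracted
from a sample, the API-to-category table below, and the per-category weights.
"""
import re
from collections import defaultdict

# Hypothetical mapping of Windows API names to coarse behaviour categories.
API_CATEGORIES = {
    "networking": {"InternetOpenA", "InternetOpenUrlA", "URLDownloadToFileA",
                   "WSAStartup", "connect", "send", "recv", "HttpSendRequestA"},
    "process_injection": {"VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread", "NtUnmapViewOfSection",
                          "SetThreadContext"},
    "persistence": {"RegSetValueExA", "RegCreateKeyExA", "CreateServiceA",
                    "StartServiceA"},
    "anti_analysis": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                      "NtQueryInformationProcess", "GetTickCount"},
    "crypto": {"CryptAcquireContextA", "CryptEncrypt", "CryptDecrypt",
               "CryptGenKey"},
    "file_ops": {"CreateFileA", "WriteFile", "DeleteFileA", "MoveFileExA",
                 "FindFirstFileA"},
}

# Weights are an assumption: injection and anti-analysis count more than
# generic file I/O when deciding what to look at first.
CATEGORY_WEIGHTS = {"process_injection": 3, "anti_analysis": 2,
                    "networking": 2, "persistence": 2, "crypto": 1,
                    "file_ops": 1}

_SUFFIX = re.compile(r"[AW]$")  # ANSI/wide variants share one base name

# Reverse index: API name (with and without A/W suffix) -> category.
_API_INDEX = {}
for _cat, _names in API_CATEGORIES.items():
    for _n in _names:
        _API_INDEX[_n] = _cat
        _API_INDEX.setdefault(_SUFFIX.sub("", _n), _cat)


def normalise(s):
    """Trim whitespace and a leading underscore some decoded strings carry."""
    return s.strip().lstrip("_")


def classify_strings(strings):
    """Return {category: sorted list of matched API names} for the input."""
    hits = defaultdict(set)
    for s in strings:
        name = normalise(s)
        cat = _API_INDEX.get(name) or _API_INDEX.get(_SUFFIX.sub("", name))
        if cat:
            hits[cat].add(name)
    return {cat: sorted(names) for cat, names in hits.items()}


def triage(strings, threshold=5):
    """Score a sample by the behaviour categories its strings reveal."""
    hits = classify_strings(strings)
    score = sum(CATEGORY_WEIGHTS.get(cat, 0) for cat in hits)
    verdict = "review" if score >= threshold else "low"
    return {"hits": hits, "score": score, "verdict": verdict}


# Constructed sample, standing in for strings recovered by FLOSS.
SAMPLE_STRINGS = [
    "kernel32.dll", "VirtualAllocEx", "WriteProcessMemory",
    "CreateRemoteThread", "IsDebuggerPresent",
    "http://example[.]invalid/update.bin", "URLDownloadToFileW",
    "RegSetValueExW", "Hello World", "GetProcAddress",
]

if __name__ == "__main__":
    result = triage(SAMPLE_STRINGS)
    for cat, names in sorted(result["hits"].items()):
        print(f"{cat:18s} {', '.join(names)}")
    print(f"score={result['score']} verdict={result['verdict']}")
```

The point of the score is prioritisation, not a verdict: a sample that only references file APIs is not cleared, it just sits lower in the queue than one that combines injection primitives with an anti-debugging check and a download routine.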