Kuburitswa kweREMnux 7.0, kugovera malware yekuongorora

Makore mashanu kubva pakaburitswa chinyorwa chekupedzisira akaumbwa kuburitswa kutsva kweakasarudzika Linux kugovera REM nux 7.0, yakagadzirirwa kudzidza uye kudzosera kumashure mainjiniya malware code. Munguva yekuongorora maitiro, REMnux inokutendera iwe kuti upe yakasarudzika marabhoritari nharaunda maunogona kutevedzera mashandiro etiweki sevhisi iri kurwiswa kuti udzidze maitiro eiyo malware mumamiriro ari padyo neayo chaiwo. Imwe nharaunda yekushandiswa kweREMnux ndeye kudzidza kwezvimiro zvekuisa zvakashata pamawebhusaiti akaiswa muJavaScript.

Kugovera kwakavakirwa paUbuntu 18.04 package base uye inoshandisa LXDE mushandisi nharaunda. Firefox inouya neNoScript yekuwedzera sewebhu browser. Iyo kit yekugovera inosanganisira yakanyatso kusarudzwa kwezvishandiso zvekuongorora malware, zvishandiswa zve reverse engineering kodhi, zvirongwa zvekufunda maPDF uye magwaro ehofisi akagadziridzwa nevanorwisa, uye maturusi ekutarisa chiitiko muhurongwa. Size boot mufananidzo REMnux, akagadzirirwa kuvhura mukati me virtualization system, iri 5.2 GB. Mukuburitswa kutsva, ese maturusi akapihwa akagadziridzwa, kuumbwa kwekugovera kwakawedzera zvakanyanya (saizi yemuchina wemashini mufananidzo wakapetwa kaviri). Rondedzero yezvishandiso zvakarongwa yakakamurwa muzvikamu.

Iyo kit inosanganisira zvinotevera zvishandiso:

• Webhusaiti thug, mitmproxy, Network Miner Yemahara Edition, curl they, wget, Burp Proxy Yemahara Edition, Automater, pdnstool, Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py;
• Ongororo yeakaipa Flash mavhidhiyo: xxswf, SWF Zvishandiso, RABCDsm, extract_swf, Flare;
• Java Analysis: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR;
• JavaScript Analysis: Rhino Debugger, ExtractScripts, SpiderMonkey, V8, JS Beautifier;
• PDF Analysis: AnalyzePDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, pdftk, swf_mastah, qpdf, pdfresurrect;
• Ongororo yeMicrosoft Office zvinyorwa: officeparser, pyOLEScanner.py, oletools, libolecf, oledump, emldup, MSGConvert, base64dump.py, unicode;
• Shellcode analysis: ctest, unicode2hex-apukunyuka, unicode2raw, dism-izvi, shellcode2exe;
• Kuunza obfuscation muchimiro chinoverengwa (deobfuscation): unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, MAFUPA
• Kubvisa data yetambo: strdeobj, pestr, zvidzidzo;
• Kudzoreredza faira: Chinotangira, scalpel, bulk_extractor, Chopper;
• Network chiitiko chekutarisa: Wireshark, ngrep, TCP Dump, tcpick;
• Network masevhisi: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Kurudzira IRCd, OpenSSH, kugamuchira-zvose-ips;
• Network utilities: prettyping.sh, set-static-ip, vandudza-dhcp, netcat, EPIC IRC Mutengi, stunnel, Just-Metadata;
• Kushanda nemuunganidzwa wemienzaniso yemalware: Maltrieve, Ragpicker, nyoka, MASTIFF, Density Scout;
• Tsanangudzo yemasaini: YaraGenerator, IOCextractor, Autorule, Rule Editor, ioc-parser;
• Kuongorora: Yara, ClamAV, Trid, ExifTool, virustotal-submit, Disitool;
• Kushanda nemahashi: nsrlokup, Automater, Hash Identifier, totalhash, ssdeep, virustotal-search, VirusTotalApi;
• Linux malware kuongorora: Sysdig, Viga
• Disassemblers: Vivisect, Udis86, objdump;
• Debuggers: Evan's Debugger (EDB), GNU Project Debugger (GDB);
• Tracing systems: tambo, ltrace
• Wongorora: Radare 2, Pyew, bokken, m2elf, ELF Parser;
• Kushanda nedata data: SciTE, Geany, Vim;
• Kushanda nemifananidzo: feh, ImageMagick;
• Kushanda nemabhinari mafaira: wxHexEditor, VBinDiff;
• Memory dump analysis: Volatility Chimiro, findaes, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool;
• Kuongororwa kwemafaira ePE eexecutable UPX, Bytehist, Density Scout, PackerID, objdump, Udis86, Vivisect, Signsrch, pescanner, ExeScan, pev, Peframe, pedump, bokken, RATDecoders, Pyew, readpe.py, PyInstaller Extractor, DC3-MWCP;
• Kuongorora kweMalware kune nharembozha: Androwarn, AndroGuard.

Source: opennet.ru