Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara

If you have not installed Volatility yet, carry out the following steps:

  1. You can use this command to install the latest version of Volatility on your system:
    $ svn checkout http://volatility.googlecode.com/svn/trunk/volatility-read-only
    $ cd volatility-read-only
    $ python setup.py build
    $ sudo python setup.py install
    
  2. To make things easier, you can make a shortcut alias command for Volatility by editing your .bashrc file:
    $ nano  ~/.bashrc
    
  3. Go to the end of line, and add this command:
    $ alias vol.py="/home/user/Download/Volatility-read-only/vol.py
    
  4. Save and Exit.
  5. Please notice that /home/user/Download/Volatility-read-only/vol.py is the Volatility directory in your system.

    You can replace ...

Get Cuckoo Malware Analysis now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.