December 2017
Intermediate to advanced
364 pages
7h 30m
English
One of the initial phases of malware analysis is identification and classification. The most popular resource for this is VirusTotal, which scans malware samples and returns results for them, along with domain information and so on. It has a very rich API, and many people have written custom apps that use it with an API key to automate scans and identify the malware type. The following example sets up the VirusTotal tool on the system, scans malware samples against the VirusTotal API, and identifies whether or not they are really malware. VirusTotal generally checks a sample with more than 60 antivirus scanners and tools and provides detailed information.
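As an added illustration (not the book's own code), this Python sketch hashes a sample locally, looks the digest up through the VirusTotal API v3 file-report endpoint, and reduces the per-engine results to a detection ratio and the most common labels. The cut-off of 3 detections and the sample report with its engine names are assumptions constructed for the example.

```python
import hashlib
import json
import urllib.request
from collections import Counter

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # v3 file-report endpoint
VERDICTS = ("malicious", "suspicious", "undetected", "harmless")
THRESHOLD = 3  # assumed triage cut-off, not a VirusTotal value

def sha256_of(path, chunk=1 << 20):
    """Hash the sample locally so only the digest is sent for lookup."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def fetch_report(digest, api_key):
    """Fetch the existing report for a hash (needs network access and an API key)."""
    req = urllib.request.Request(VT_FILE_URL.format(digest),
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(report, threshold=THRESHOLD):
    """Reduce a file report to a detection ratio, common labels and a verdict."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    # Engines that timed out or don't support the file type gave no verdict.
    scanned = [r for r in results.values() if r.get("category") in VERDICTS]
    flagged = [r for r in scanned if r["category"] in ("malicious", "suspicious")]
    labels = Counter(r["result"] for r in flagged if r.get("result"))
    return {
        "detections": len(flagged),
        "engines": len(scanned),
        "top_labels": labels.most_common(3),
        "verdict": "likely malware" if len(flagged) >= threshold else "inconclusive",
    }

# Constructed sample response; engine names and labels are made up.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineC": {"category": "suspicious", "result": "Heur.Packed"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

With a real key, `summarize(fetch_report(sha256_of(path), api_key))` gives the same summary for a file on disk; a hash VirusTotal has never seen returns HTTP 404, which `urlopen` raises as `urllib.error.HTTPError`.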