Analyzing APT1 with Cuckoobox, Volatility, and Yara

It is an exciting time to be a hobbyist or a professional in the malware analysis field. With tools and frameworks like MASTIFF, Cuckoobox, Volatility, and many others, malware doesn’t stand a chance against a persistent malware analyst.

In the wake of the Mandiant APT1 report, Chort Row (@chort0) released a YouTube video showing how to analyze one of the APT1 malware samples with Cuckoobox, Volatility, and Yara.

By way of annotations in the video, @chort0 gives the viewer several tips and tricks on how to analyze malware using these tools. Beyond the analysis itself, @chort0 also shows how to identify Indicators of Compromise (IOCs) and create Yara signatures based on them.

To learn more about Cuckoobox, Volatility, or Yara visit:


Today’s post pic is from Security Affairs.Co.

1 comment for “Analyzing APT1 with Cuckoobox, Volatility, and Yara”

  1. February 27, 2013 at 11:32 pm

    #NOVABLOGGER: Analyzing APT1 with Cuckoobox, Volatility, and Yara
