LiSa: Sandbox for automated Linux malware analysis
Project providing automated Linux malware analysis on various CPU architectures.
- QEMU emulation.
- Currently supporting x86_64, i386, arm, mips, aarch64.
- Small images built w/ buildroot.
- Radare2 based static analysis.
- Dynamic (behavioral) analysis using SystemTap kernel modules – captured syscalls, openfiles, process trees.
- Network statistics and analysis of DNS, HTTP, Telnet, and IRC communication.
- Endpoints analysis and blacklists configuration.
- Scaled with celery and RabbitMQ.
- REST API | frontend.
- Extensible through sub-analysis modules and custom images.
Copyright 2019 Daniel Uhříček