LiSa: Sandbox for automated Linux malware analysis
![Linux malware analysis](https://b3442631.smushcdn.com/3442631/wp-content/uploads/2019/04/logo-white-1320x500.png?lossy=1&strip=1&webp=1)
LiSa
Project providing automated Linux malware analysis on various CPU architectures.
Features
- QEMU emulation.
- Currently supporting x86_64, i386, arm, mips, aarch64.
- Small images built with Buildroot.
- Radare2-based static analysis.
- Dynamic (behavioral) analysis using SystemTap kernel modules – captured syscalls, open files, process trees.
- Network statistics and analysis of DNS, HTTP, Telnet, and IRC communication.
- Endpoint analysis and blacklist configuration.
- Scaled with Celery and RabbitMQ.
- REST API and frontend.
- Extensible through sub-analysis modules and custom images.
Copyright 2019 Daniel Uhříček