Malware/Anne - release 0.1
From CSRRT-LU
Introduction
A first anne release is announced.
Features
- XMLRPC interface for enqueuing, tracing, and querying reports of a foreign binary
- process foreign binary jobs (first come first served)
- define your own analysis by inheriting from the AnneLang class
- logging feature
- persistent processing capabilities: when the application crashes, start it again and it continues its work
- central configuration file
- ability to add new plugins, even third-party software
- web interface for uploading malware
- web interface for tracing malware (information about your analysis state)
- web interface for querying your report
- administration web interface (you can see the queues, clean them, see the logs)
Architecture
Three processes run in the background on your machine:
- one XMLRPC server
- anne core, which processes your analysis tasks
- a webserver hosting the anne web interface
Interaction
Anne core must be started first; the XMLRPC server is started next. You can then analyse your malware via XMLRPC, or simply use the anne web interface, where you can upload a binary or query for reports.
Anne web interface
Screenshots
Anne web interface - main
Anne web interface - track your analysis
Anne web interface - query your report
Anne admin web interface - incoming queue

