Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/cybercentrecanada/assemblyline-service-vipermonkey

Assemblyline 4 VBA script emulator service

assemblyline emulator malware-analysis vba

Last synced: 2 months ago

## ViperMonkey Service

This service analyzes and emulates VBA macros contained in Microsoft Office files.

### Execution

This service uses Decalage's ViperMonkey (https://github.com/decalage2/ViperMonkey) for analysis/emulation. ViperMonkey will report the following:

1. All discovered actions, including entry points. It is able to decode base64-encoded commands.

2. Any VBA built-in functions used.

3. Detected URLs, URIs, and IP addresses.

4. Tags:

   - network.static.domain
   - network.static.ip
   - network.static.uri
   - network.port
   - technique.macro

### Safety

ViperMonkey may use eval() to speed up emulation. This service should be run in a sandboxed environment, which Assemblyline does by default for non-privileged services. This service should not be run in privileged mode.