Tag Archives: fame

Open Source Malware Analysis Platform: FAME


FAME is an open source malware analysis platform meant to facilitate the analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework: instead of developing several separate scripts for different malware analysis tasks, you develop FAME modules that collaborate with each other.

FAME was built to facilitate malware analysis by automating as many tasks as possible. The real work of malware analysis is done by processing modules. FAME will do its best to determine which processing modules should be run during each analysis, and will chain the modules' execution in order to achieve end-to-end analysis.

Each processing module can produce the following analysis elements:

  • Probable Name: this is the malware family. A module should only set the probable name if it has very high confidence in its diagnosis.
  • Extractions: this is text information that should be the most useful to the analyst. A typical example would be the malware's configuration.
  • Tags: a tag is a computer-friendly piece of information that describes the analysis. It can be seen as a form of signature name.
  • Generated Files: files that were produced by the analysis, such as memory dumps.
  • Support Files: files that can be downloaded by the analyst, such as a sandbox analysis report.
  • Extracted Files: files that deserve an analysis of their own.
  • IOCs: indicators of compromise that could be used to detect this malware.
  • Detailed Results: any kind of information that would be useful to the analyst.

When analyzing a file, the first step is to determine the file type. FAME tries to determine it from the file extension and from python-magic. A FAME-specific file type (for example "executable", "word" or "pdf") is then associated with the file based on these indicators, and that type decides which processing modules apply. The analyst then chooses between two types of analysis: Just Do Your Magic (recommended) or Targeted analysis.


FAME relies on modules to add functionality. Modules are actually Python classes that inherit from the fame.core.module.Module class.

Several kinds of modules can be created:

  • ProcessingModule: this is where FAME's magic is. A ProcessingModule defines some automated analysis that can be performed on certain types of files or analysis information.
  • ReportingModule: this kind of module enables reporting options, such as sending analysis results by email or posting a Slack notification when the analysis is finished.
  • ThreatIntelligenceModule: this kind of module acts on IOCs. A ThreatIntelligenceModule has two roles:
    • Enrich the analysis, by adding Threat Intelligence information on IOCs when they are added to the analysis.
    • Enrich the Threat Intelligence Platform with IOCs extracted by FAME.
  • AntivirusModule: modules that act on files and submit them to antivirus vendors.
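The list of analysis elements above and the ProcessingModule type map directly onto a small Python class. What follows is an added example, not code from FAME or its documentation: a processing module for a hypothetical family, called "Exampleware" here, that carves an embedded C2 configuration out of a file and reports it as an extraction, tags, IOCs and, only when a second indicator is also present, a probable name. The real base class is fame.core.module.ProcessingModule; because FAME is not importable in this example, a local stand-in with the same reporting methods records what the module reports so the code runs on its own. The method names add_ioc, add_tag, add_probable_name and add_extraction, the acts_on attribute and the each(self, target) entry point are assumed from FAME's documentation and should be checked against the installed version; the marker string, the config layout and the sample blobs are constructed for the example.

```python
import os
import re
import tempfile
from urllib.parse import urlparse


class ProcessingModule:
    """Local stand-in for fame.core.module.ProcessingModule.

    ASSUMPTION: mirrors the reporting methods of FAME's base class as documented
    (add_ioc, add_tag, add_probable_name, add_extraction) but only records what
    the module reports, so the example runs without FAME installed.
    """
    name = ""
    description = ""
    acts_on = []               # FAME file types this module should run on

    def __init__(self):
        self.results = None    # "Detailed Results": free-form dict for the analyst
        self.iocs = []         # (value, tags)
        self.tags = []
        self.probable_names = []
        self.extractions = []  # (label, text)

    def add_ioc(self, value, tags=None):
        self.iocs.append((value, list(tags or [])))

    def add_tag(self, tag):
        if tag not in self.tags:
            self.tags.append(tag)

    def add_probable_name(self, name):
        self.probable_names.append(name)

    def add_extraction(self, label, extraction):
        self.extractions.append((label, extraction))


# Constructed, hypothetical family "Exampleware". Its samples carry a marker
# string and an embedded config block:  CFG|<campaign>|<url>|<url>|...|END
MAGIC_MARKER = b"XMPLWARE\x00"
CONFIG_RE = re.compile(rb"CFG\|([A-Za-z0-9_-]{1,32})\|((?:https?://[^|\x00]+\|)+)END")


class ExamplewareConfig(ProcessingModule):
    name = "exampleware_config"
    description = "Extract the C2 configuration of the (hypothetical) Exampleware family"
    acts_on = ["executable"]

    def each(self, target):
        """Analyse one file (path). Return True when something was reported."""
        with open(target, "rb") as fh:
            data = fh.read()
        match = CONFIG_RE.search(data)
        if match is None:
            return False                       # not ours: report nothing
        campaign = match.group(1).decode("ascii")
        urls = [u.decode("ascii") for u in match.group(2).split(b"|") if u]

        self.results = {"campaign": campaign, "c2": urls}
        self.add_extraction("Exampleware configuration",
                            "campaign: %s\nc2:\n  %s" % (campaign, "\n  ".join(urls)))
        self.add_tag("exampleware")
        for url in urls:
            self.add_ioc(url, ["c2"])          # full URL and its host are both IOCs
            host = urlparse(url).hostname
            if host:
                self.add_ioc(host, ["c2"])
        # A config block alone is circumstantial; only marker + parsed config
        # together justify naming the family (the "very high confidence" rule).
        if MAGIC_MARKER in data:
            self.add_probable_name("Exampleware")
        return True


def analyse_bytes(blob):
    """Write a constructed sample to a temp file and run the module on it."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(blob)
        module = ExamplewareConfig()
        reported = module.each(path)
    finally:
        os.unlink(path)
    return reported, module


# Constructed samples (not real malware): full match, config only, unrelated.
FULL_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16 + MAGIC_MARKER
               + b"CFG|wave7|https://c2.example.net/gate.php|http://10.0.0.5:8080/|END"
               + b"\x00" * 8)
CONFIG_ONLY = b"MZ\x90\x00" + b"CFG|test|https://c2.example.net/gate.php|END"
UNRELATED = b"MZ\x90\x00" + b"hello world"

if __name__ == "__main__":
    for blob in (FULL_SAMPLE, CONFIG_ONLY, UNRELATED):
        ok, mod = analyse_bytes(blob)
        print(ok, mod.probable_names, mod.tags, [v for v, _ in mod.iocs])
```

The point to take from the three samples is the confidence gating: a config block on its own yields an extraction, a tag and IOCs but no probable name, while marker plus parsed config sets the family. A file the module cannot parse makes each() return False and reports nothing, so FAME's chaining of other modules is unaffected. To turn this into a real FAME module, drop the stand-in class and import ProcessingModule from fame.core.module instead.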

Download link & source: https://n0where.net/open-source-malware-analysis-platform-fame/

LulzSec Shuts Down, Ends Hacking Campaign

LulzSec, the hacker group that has hacked the CIA, U.S. Senate, Nintendo, Sony and others, has surprisingly announced that it is disbanding.

LulzSec, short for Lulz Security, claims that it intended to only operate for 50 days as an attempt to revive the AntiSec movement, which is opposed to the computer security industry.

“For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the hacker group said in its announcement. “All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love.”

The release continues on, explaining that the organization is not tied to its LulzSec identity and has succeeded in bringing back the AntiSec movement. The group, in fact, encourages others to take up its cause. “We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us… Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”

As its final parting gift, the group released one last data dump with data allegedly taken from AT&T, AOL, Disney, Universal, EMI and the FBI.

The group has had its way with corporations and governments for the last two months. It took down the CIA's website, hacked Sony's servers, released sensitive documents from the Arizona state government and attacked the U.S. Senate's website. While a suspected member of LulzSec was recently apprehended, the group claims he was not its leader.

The end of LulzSec doesn't mean the end of hacker attacks, of course. Long-standing hacker group Anonymous is still around, and we bet other groups will form in the wake of the group's disbandment. And with 277,000+ followers and a captivated audience, we bet LulzSec will come back in one form or another. We also doubt its disbandment will stop authorities from searching for its masterminds.

What do you think of LulzSec and its AntiSec mission? What do you think will happen next? Let us know what you think in the comments.