intelowlproject / IntelOwl

IntelOwl: manage your Threat Intelligence at scale
https://intelowlproject.github.io
GNU Affero General Public License v3.0

[Analyzer] GoReSym #1451

Open mlodic opened 1 year ago

mlodic commented 1 year ago

Name

GoReSym

Link

https://github.com/mandiant/GoReSym

Type of analyzer

docker analyzer, to insert in the malware_analysis_tools image

Why should we use it

This allows extracting useful info when analyzing Go binaries. This should be executed only after having detected that the file is Go-compiled.

Possible implementation

Follow the Usage tips in the official repo: https://github.com/mandiant/GoReSym

g4ze commented 3 weeks ago

Hey! @mlodic Any suggestions on the approach to check if the file is go-compiled?

mlodic commented 1 week ago

I would go with the first option: we can do it after the analyzer has started and check it directly inside the analyzer, because we do the same for other similar cases.

Any suggestions on the approach to check if the file is go-compiled?

Maybe the tool itself checks it. Idk. You can try with some test files.
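The in-analyzer gate discussed in the thread, as an added example that is not part of the issue or of IntelOwl's own code: a heuristic check for Go linker markers in the raw bytes, and a wrapper that only invokes GoReSym when that check passes. The `GoReSym` binary name on PATH, the invocation with the file path as the only argument, and the sample byte blobs are assumptions made here.

```python
import json
import re
import subprocess
import tempfile
from typing import Optional

# Markers the Go linker typically leaves in a binary (heuristic, not proof):
# the pclntab section name, the build-ID string and the buildinfo magic.
GO_MARKERS = (b".gopclntab", b"Go build ID:", b"Go buildinf:")
# Go runtime version string such as "go1.21.5" embedded in the binary.
GO_VERSION_RE = re.compile(rb"go1\.\d+(?:\.\d+)?")

# Constructed sample inputs (not real executables): one carrying Go markers, one not.
SAMPLE_GO_BLOB = (b"\x7fELF" + b"\x00" * 16
                  + b".text\x00.gopclntab\x00Go build ID: \"abc123\"\x00go1.21.5")
SAMPLE_OTHER_BLOB = b"\x7fELF" + b"\x00" * 16 + b".text\x00.rodata\x00hello world"


def looks_go_compiled(data: bytes) -> bool:
    """Return True if the raw bytes contain typical Go linker markers."""
    if any(marker in data for marker in GO_MARKERS):
        return True
    return GO_VERSION_RE.search(data) is not None


def analyze(data: bytes, goresym_bin: str = "GoReSym") -> Optional[dict]:
    """Run GoReSym (assumed on PATH) only when the file looks Go-compiled.

    Returns the parsed JSON report, or None when the file is skipped.
    """
    if not looks_go_compiled(data):
        return None
    # GoReSym reads from a path, so spill the sample to a temporary file.
    with tempfile.NamedTemporaryFile(suffix=".bin") as tmp:
        tmp.write(data)
        tmp.flush()
        proc = subprocess.run([goresym_bin, tmp.name], capture_output=True,
                              text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Non-Go input is skipped without spawning the tool.
    print("skipped:", analyze(SAMPLE_OTHER_BLOB) is None)
```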