
Samples

Mike Goffin edited this page Jun 4, 2014 · 1 revision

The Sample is the original top-level object that CRITs was developed around. You can upload binaries into CRITs as Samples and perform some basic analysis on them. Samples can also be uploaded as "metadata-only", which means you only need to provide a filename and an MD5. This allows you to generate relationships and add information about the Sample without needing the binary. If you upload the binary in the future, it will automatically be associated with the metadata. Most commonly, Samples are carved from PCAP files, arrive as Email attachments, or are dropped on hosts as part of malicious activity.

When you upload a binary, CRITs will automatically generate:

  • Filetype
  • Mimetype
  • MD5
  • SHA1
  • SHA256
  • SSDeep

You can also assign Backdoors and Exploits to a Sample. CRITs gives you the ability to Unrar and Unzip the Sample if needed. There is a Tools tab which gives you a couple of stock features:

  • Strings: View the output of running strings on the data.
  • Stack Strings: View the stack strings of the data.
  • Hex: View the data in hex format.
  • Tools: Focused on determining the XOR key for XOR-encoded binaries. It lets you search using some default strings, or one of your own, and tries to find any potential keys to decode with. You can then go through each candidate and view the output of XORing the binary with that key. It also allows you to quickly add comments and Objects to the Sample from this page without having to change tabs.
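The single-byte XOR key search behind the Tools tab, written out as an added Python example (this is not CRITs code, and the default search strings it ships are not listed on this page, so the needles below are assumed). The example also computes the MD5/SHA1/SHA256 that CRITs would record for the decoded sample on upload.

```python
import hashlib
from typing import Dict, List

# Plaintext strings that routinely appear in Windows executables; the default
# search strings CRITs ships are not listed on this page, so these are assumed.
DEFAULT_NEEDLES: List[bytes] = [
    b"This program cannot be run in DOS mode",
    b"MZ",
    b"PE\x00\x00",
]

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key in the range 0-255."""
    return bytes(b ^ key for b in data)

def find_xor_keys(data: bytes, needles: List[bytes] = DEFAULT_NEEDLES) -> Dict[int, List[bytes]]:
    """Try all 256 single-byte keys and report those under which the decoded
    data contains at least one needle. Returns {key: [matched needles]}."""
    hits: Dict[int, List[bytes]] = {}
    for key in range(256):
        decoded = xor_bytes(data, key)
        matched = [n for n in needles if n in decoded]
        if matched:
            hits[key] = matched
    return hits

def best_key(data: bytes, needles: List[bytes] = DEFAULT_NEEDLES) -> int:
    """Rank candidate keys by total matched bytes, so a long match outweighs a
    2-byte needle such as b"MZ" that can occur by chance. Returns -1 if none."""
    hits = find_xor_keys(data, needles)
    if not hits:
        return -1
    return max(hits, key=lambda k: sum(len(n) for n in hits[k]))

def hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the data, the digests CRITs records for an upload."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

# Constructed test input: a PE-like header and DOS stub, XOR-encoded with 0x5A.
PLAINTEXT = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
             b"This program cannot be run in DOS mode.\r\n$\x00PE\x00\x00")
ENCODED = xor_bytes(PLAINTEXT, 0x5A)

if __name__ == "__main__":
    for key, matched in sorted(find_xor_keys(ENCODED).items()):
        print(f"key 0x{key:02x}: {matched}")
    key = best_key(ENCODED)
    print(f"best key 0x{key:02x}, decoded hashes: {hashes(xor_bytes(ENCODED, key))}")
```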

The vast majority of services that have been developed focus on Samples (being the oldest top-level object). Some of the most commonly used services are:

  • MachoInfo: Parse a Mach-O file for useful information.
  • OfficeMeta: Parse Office documents for useful information.
  • PDFInfo: Parse a PDF file for useful information.
  • PEInfo: Parse a PE file for useful information.
  • Pyew: Run the binary in Pyew (https://code.google.com/p/pyew/) directly from the UI and interact with it.
  • UPX: Unpack the Sample.
  • Virustotal: Look up the binary on Virustotal and pull down any information it may have.
  • Yara: Runs the binary through yara using your own rule files and returns the results. It also comes with a Yara Rule Tester tab, where you can develop and test a yara rule directly in the UI before adding it to your rule file(s).
