Samples and Analysis with CRITS


A powerful function of CRITs is handling, managing and organizing the results of working with sample files. Whether as part of threat intelligence research, service tickets or incident handling, juggling samples is always a requirement. CRITs helps this process by providing a place to contain samples as well as automated and on-demand processing and analysis. Getting a sample into CRITs couldn't be easier. Below is a snapshot of a sample upload (some data removed for obvious reasons).

Once it's in the system, CRITs begins its magic. Even without services brought into play, out of the box CRITs provides you a ton of instant data:

  • Filetype
  • Mimetype
  • Size
  • MD5
  • SHA1
  • SHA256
  • SSDeep

It also provides access to the rest of the tools common to any object in the system:

The real power of handling samples is via CRITs services. Mountains of possibility exist here; too many to highlight them all. A couple, though, are very much worth mentioning:

YARA Service is a favorite of mine.  It provides a rule checker tab that lets you run YARA rules against the sample.

RAT Decoder Service leverages Python scripts to decode configuration data from RATs, an excellent time saver.

Pyew Service lets you run a sample through pyew, a static analysis tool.

Entropycalc Service provides an entropy map of a sample.

And, of course, there are all the sample upload/request services that are available, like VirusTotal.
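To make the out-of-the-box data and the Entropycalc output concrete, here is an added example (not CRITs code) that computes the same per-sample fields CRITs shows on upload (size, MD5, SHA1, SHA256, a filetype guess) and a sliding-window entropy map like the one the Entropycalc service produces. The magic-byte table and the sample bytes are constructed for the demo; CRITs itself uses libmagic for filetype/mimetype, and SSDeep is omitted because it needs a third-party library.

```python
"""Added example: per-sample metadata and an entropy map, in the spirit of
what CRITs shows after upload. Not code from the CRITs project."""
import hashlib
import math
from collections import Counter

# Constructed magic-byte table standing in for libmagic.
MAGIC = {
    b"MZ": ("PE executable", "application/x-dosexec"),
    b"\x7fELF": ("ELF executable", "application/x-executable"),
    b"%PDF": ("PDF document", "application/pdf"),
    b"PK\x03\x04": ("ZIP archive", "application/zip"),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_map(data: bytes, window: int = 256) -> list:
    """Entropy of consecutive fixed-size windows; values near 8.0 flag
    packed or encrypted regions, which is what an entropy map is for."""
    return [round(shannon_entropy(data[i:i + window]), 2)
            for i in range(0, len(data), window)]


def guess_filetype(data: bytes) -> tuple:
    for magic, ft in MAGIC.items():
        if data.startswith(magic):
            return ft
    return ("data", "application/octet-stream")


def sample_metadata(data: bytes) -> dict:
    """The instant fields CRITs lists for a sample, plus the entropy view."""
    filetype, mimetype = guess_filetype(data)
    return {
        "filetype": filetype,
        "mimetype": mimetype,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 2),
        "entropy_map": entropy_map(data),
    }


# Constructed sample: a fake PE header, low-entropy padding, then one
# 256-byte block containing every byte value once (entropy 8.0).
SAMPLE = b"MZ" + b"\x00" * 254 + bytes(range(256))

if __name__ == "__main__":
    for key, value in sample_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

The second window of the constructed sample scores 8.0 while the first stays near zero, which is the contrast an analyst looks for when an entropy map hints at packing or embedded encrypted data.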

If you’re interested in learning more about how to leverage CRITs, check out our introduction to CRITs blog here.  To take your knowledge a step further, take a look at our cybersecurity trainings here.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.