A core function of CRITs is handling, managing and organizing the results of working with sample files. Whether as part of threat intelligence research or while dealing with service tickets or incidents, juggling samples is always a requirement. CRITs helps with this process by providing a place to contain samples as well as automated and on-demand processing and analysis. Getting a sample into CRITs couldn't be easier. Below is a snapshot of a sample upload (some data removed for obvious reasons).
Once it's in the system, CRITs begins its magic. Even without any services brought into play, out of the box CRITs gives you a ton of instant data:
- Filetype
- Mimetype
- Size
- MD5
- SHA1
- SHA256
- SSDeep
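As an added illustration (not code from CRITs itself), the following Python script computes the same instant metadata for a sample: a filetype guess from a handful of leading magic bytes, the mimetype from the filename, the size, and the MD5/SHA1/SHA256 digests, with the ssdeep fuzzy hash filled in only when the third-party python-ssdeep binding is installed. The magic-number table and the stub sample bytes are constructed for the example; a real deployment would use libmagic (python-magic) for filetype detection.

```python
import hashlib
import mimetypes
from typing import Optional

try:
    import ssdeep  # python-ssdeep binding; optional, so the script also runs without it
except ImportError:
    ssdeep = None

# Constructed magic-number table for the example. A real deployment would use
# libmagic (python-magic), which knows thousands of formats.
MAGIC_SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"MZ", "PE/DOS executable (MZ header)"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP container (also DOCX/XLSX/JAR/APK)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (legacy Office)"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\x1f\x8b", "gzip compressed data"),
]


def detect_filetype(data: bytes) -> str:
    """Return a filetype description from the leading magic bytes, or 'data'."""
    for magic, description in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return description
    return "data"


def guess_mimetype(filename: str) -> str:
    """Mimetype from the extension; unknown extensions fall back to octet-stream."""
    guessed, _encoding = mimetypes.guess_type(filename)
    return guessed or "application/octet-stream"


def fuzzy_hash(data: bytes) -> Optional[str]:
    """ssdeep context-triggered piecewise hash, or None when the binding is absent."""
    if ssdeep is None:
        return None
    return ssdeep.hash(data)


def sample_metadata(data: bytes, filename: str = "") -> dict:
    """Compute the instant metadata CRITs displays for an uploaded sample."""
    return {
        "filetype": detect_filetype(data),
        "mimetype": guess_mimetype(filename),
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "ssdeep": fuzzy_hash(data),
    }


if __name__ == "__main__":
    # Constructed sample: a stub MZ header followed by padding. Not a real binary.
    sample = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 1000
    for key, value in sample_metadata(sample, "dropper.exe").items():
        print(f"{key:>8}: {value}")
```

The three cryptographic digests are what you pivot on across other tools and feeds; the ssdeep value is what lets you find near-duplicates of a sample that a changed byte would otherwise hide from exact-hash lookups.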
It also provides access to the rest of the tools common to any object in the system:
The real power of handling samples is in CRITs services. Mountains of possibility exist here; a few too many to highlight them all. A couple, though, are very much worth mentioning:
The YARA Service is a favorite of mine. It provides a rule checker tab that lets you run YARA rules against the sample.
The RAT Decoder Service leverages Python scripts to decode configuration files from RATs, an excellent time saver.
The PYEW Service lets you run a sample through pyew, a static analysis tool.
The Entropycalc Service provides an entropy map of a sample.
And, of course, there are all the sample upload/request services that are available, like VirusTotal.
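The Entropycalc service's output is easy to reproduce by hand, and doing so shows what the map is for. This is an added example, not the CRITs service's own code: it computes the Shannon entropy of fixed-size blocks across a sample, merges the runs of blocks above a threshold into byte-offset ranges, and draws a text bar chart of the map. The sample bytes, the block size of 256 and the threshold of 7.0 bits per byte are constructed choices for the example.

```python
import math
from collections import Counter
from typing import List, Tuple


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    entropy = -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())
    return entropy if entropy > 0 else 0.0


def entropy_map(data: bytes, block_size: int = 256) -> List[float]:
    """Entropy of each consecutive block_size-byte window over the whole sample."""
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]


def high_entropy_regions(data: bytes, block_size: int = 256,
                         threshold: float = 7.0) -> List[Tuple[int, int]]:
    """Merge adjacent blocks at or above threshold into (start, end) byte-offset ranges.

    Sustained entropy near 8 bits/byte usually means packed, compressed or
    encrypted content, which is exactly what an entropy map is used to spot.
    """
    regions: List[Tuple[int, int]] = []
    for index, value in enumerate(entropy_map(data, block_size)):
        start = index * block_size
        end = min(start + block_size, len(data))
        if value < threshold:
            continue
        if regions and regions[-1][1] == start:
            regions[-1] = (regions[-1][0], end)  # extend the current run
        else:
            regions.append((start, end))
    return regions


def render_map(data: bytes, block_size: int = 256, width: int = 32) -> List[str]:
    """Text bar chart of the entropy map, one line per block, for a quick look."""
    lines = []
    for index, value in enumerate(entropy_map(data, block_size)):
        bar = "#" * int(round(value / 8.0 * width))
        lines.append(f"{index * block_size:08x}  {value:5.2f}  {bar}")
    return lines


if __name__ == "__main__":
    # Constructed sample: a zero-filled header, a 512-byte region of uniformly
    # distributed bytes standing in for an encrypted payload, then more padding.
    sample = bytes(512) + bytes(range(256)) * 2 + bytes(512)
    print("\n".join(render_map(sample)))
    print("high-entropy regions:", high_entropy_regions(sample))
```

A flat, high-entropy band across most of an executable is a strong hint that it is packed and that static tools like pyew will see little until it is unpacked; a single high-entropy region inside an otherwise ordinary file is where an embedded, encrypted payload tends to live.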
If you're interested in learning more about how to leverage CRITs, check out our introduction to CRITs blog post here. To take your knowledge a step further, take a look at our cybersecurity trainings here.