The original post: /r/cybersecurity by /u/AdmirableHabit5603 on 2024-12-27 02:38:50.

As the title suggests, I’m working on a malware analysis/CTI project to complement TryHackMe’s SOC Level 1 path.

So far, I plan to take 4 malware samples from the following cyberattacks: Ryuk, WannaCry, NotPetya, and MedusaLocker, get an analysis report using Joe Sandbox, then write my own YARA rules.

I have some questions:

  1. Walkthrough of installing & running malware in a sandbox - I’m familiar with FlareVM, but I’m confused about installing malware in a (potentially) internet-connected sandbox before detonating.
  2. What are some good methods of extracting strings to use for YARA? Any videos/guides I can consult to get a better idea?
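An added example (not part of the original post or any reply to it) showing one way to pull candidate strings out of a sample and turn them into a YARA rule draft: it extracts printable ASCII and UTF-16LE runs, drops boilerplate that every PE file contains (which would make the rule match benign software), and emits the rule with the right `ascii`/`wide` modifiers. The `SAMPLE` bytes and the `GENERIC` filter list are constructed for the demonstration, not taken from a real binary.

```python
import re

# Strings present in nearly every PE file. Keeping them in a rule causes false
# positives, so they are filtered out. Constructed, not an exhaustive list.
GENERIC = {"This program cannot be run in DOS mode.", "kernel32.dll", "GetProcAddress"}

# Constructed stand-in for a sample file: an MZ header, generic PE boilerplate,
# an ASCII path, a UTF-16LE hostname, and a generic import name. Not real malware.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\x00\x00"
    + b"C:\\Users\\Public\\EXAMPLE_README.txt\x00\x00"
    + "example-sample.invalid".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02\x03GetProcAddress\x00"
)


def extract_strings(data: bytes, min_len: int = 6):
    """Return (encoding, text, offset) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)  # 'wide' in YARA terms
    found = [("ascii", m.group().decode("ascii"), m.start()) for m in ascii_re.finditer(data)]
    found += [("wide", m.group().decode("utf-16-le"), m.start()) for m in wide_re.finditer(data)]
    return found


def select_candidates(strings, generic=GENERIC):
    """Drop generic PE boilerplate and duplicates; keep unique (encoding, text) pairs."""
    seen, out = set(), []
    for enc, text, _ in strings:
        if text in generic or (enc, text) in seen:
            continue
        seen.add((enc, text))
        out.append((enc, text))
    return out


def build_rule(name, candidates, min_matches=2):
    """Emit a YARA rule that needs an MZ header plus min_matches of the candidates."""
    min_matches = min(min_matches, len(candidates))  # never require more strings than exist
    lines = [f"rule {name}", "{", "    strings:"]
    for i, (enc, text) in enumerate(candidates):
        escaped = text.replace("\\", "\\\\").replace('"', '\\"')  # YARA string escaping
        lines.append(f'        $s{i} = "{escaped}" {enc}')
    lines += ["    condition:", f"        uint16(0) == 0x5A4D and {min_matches} of ($s*)", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_rule("Example_Sample", select_candidates(extract_strings(SAMPLE))))
```

The generated rule is only a draft: test it against a clean-software corpus before trusting it, since path and hostname strings that look unique in one sample are often shared across unrelated binaries.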