Minke is a platform for performing malware analysis in Docker containers, including Windows samples. Using WINE and QEMU, Minke allows scalable, concurrent dynamic monitoring of samples through a robust HTTP API.
Minke is intended to be a dynamic malware analysis component. It simply executes and monitors samples and outputs executed syscalls/APIs, network traffic, screenshots, dropped files, and PCAPs. It utilizes Ports4U to spoof DNS and to dynamically detect and start network services, which provides a more thorough network analysis.
Minke doesn't match any signatures against activity; it just collects the activity for something else to use, such as Kogia.
Containers allow Kogia to process multiple samples at a time on a single system, even samples of different architectures and operating systems.

| Operating System | Architectures |
|---|---|
| Windows | x86, x86_64 |
| Linux | x86, x86_64, ARM, AARCH64/ARM64, MIPS, MIPSEL, PowerPC, s390x, SH4, SPARC |

With the trade-off of certain limitations, Minke allows analysis to scale to meet larger throughput demands.
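As an added example (not code from Minke or Kogia), the following Python pre-flight check reads the PE or ELF header of a sample and compares the result against the support matrix above, so a submitter can reject unsupported binaries before they reach the API. The machine-code tables are standard PE/ELF constants; the sample headers at the bottom are constructed stubs, not real binaries.

```python
import struct

# Support matrix as listed in the Minke README (OS -> architectures).
SUPPORTED = {
    "Windows": {"x86", "x86_64"},
    "Linux": {"x86", "x86_64", "ARM", "AARCH64/ARM64", "MIPS", "MIPSEL",
              "PowerPC", "s390x", "SH4", "SPARC"},
}

# Standard PE IMAGE_FILE_HEADER.Machine values (subset).
PE_MACHINE = {0x014C: "x86", 0x8664: "x86_64"}

# Standard ELF e_machine values (subset); ELF byte order separates MIPS from MIPSEL.
ELF_MACHINE = {0x03: "x86", 0x3E: "x86_64", 0x28: "ARM", 0xB7: "AARCH64/ARM64",
               0x08: "MIPS", 0x14: "PowerPC", 0x15: "PowerPC", 0x16: "s390x",
               0x2A: "SH4", 0x02: "SPARC", 0x12: "SPARC", 0x2B: "SPARC"}


def identify(data: bytes):
    """Return (os, arch) read from a PE or ELF header, or (None, None) if unrecognised."""
    if data[:4] == b"\x7fELF" and len(data) >= 0x14:
        little = data[5] == 1  # EI_DATA: 1 = little-endian, 2 = big-endian
        e_machine = struct.unpack("<H" if little else ">H", data[0x12:0x14])[0]
        arch = ELF_MACHINE.get(e_machine)
        if arch == "MIPS" and little:
            arch = "MIPSEL"
        return ("Linux", arch)
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack("<I", data[0x3C:0x40])[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 6:
            machine = struct.unpack("<H", data[e_lfanew + 4:e_lfanew + 6])[0]
            return ("Windows", PE_MACHINE.get(machine))
    return (None, None)


def supported(data: bytes) -> bool:
    """True if the sample's OS/architecture appears in the support matrix."""
    os_name, arch = identify(data)
    return arch is not None and arch in SUPPORTED.get(os_name, set())


# Constructed minimal headers (not real malware): just enough bytes for the fields read above.
ELF_MIPSEL_SAMPLE = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + b"\x02\x00" + b"\x08\x00"
ELF_MIPS_BE_SAMPLE = b"\x7fELF\x01\x02\x01" + b"\x00" * 9 + b"\x00\x02" + b"\x00\x08"
PE_X64_SAMPLE = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
                 + b"PE\0\0" + struct.pack("<H", 0x8664))

if __name__ == "__main__":
    for name, blob in [("mipsel", ELF_MIPSEL_SAMPLE), ("mips", ELF_MIPS_BE_SAMPLE),
                       ("pe64", PE_X64_SAMPLE), ("unknown", b"not a binary")]:
        print(name, identify(blob), "supported" if supported(blob) else "unsupported")
```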
See instructions here
Minke is primarily used through an API. You can see its live Swagger documentation at `http://<MINKE_HOST>:8000/docs`.
