{"id":313,"date":"2021-12-05T19:27:05","date_gmt":"2021-12-05T18:27:05","guid":{"rendered":"https:\/\/counterintelligence.pl\/?page_id=313"},"modified":"2021-12-13T22:41:10","modified_gmt":"2021-12-13T21:41:10","slug":"rainevm-reversing-analysis-workstation","status":"publish","type":"page","link":"https:\/\/counterintelligence.pl\/en\/rainevm-reversing-analysis-workstation\/","title":{"rendered":"RaineVM - Reversing \/\/ Analysis workstation"},"content":{"rendered":"<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/counterintelligence.pl\/wp-content\/uploads\/2021\/12\/ra_loginscreen-edited.png?resize=640%2C360&#038;ssl=1\" alt=\"\" class=\"wp-image-315\" width=\"640\" height=\"360\" srcset=\"https:\/\/i0.wp.com\/counterintelligence.pl\/wp-content\/uploads\/2021\/12\/ra_loginscreen-edited.png?w=767&amp;ssl=1 767w, https:\/\/i0.wp.com\/counterintelligence.pl\/wp-content\/uploads\/2021\/12\/ra_loginscreen-edited.png?resize=300%2C169&amp;ssl=1 300w, https:\/\/i0.wp.com\/counterintelligence.pl\/wp-content\/uploads\/2021\/12\/ra_loginscreen-edited.png?resize=18%2C10&amp;ssl=1 18w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center has-large-font-size\"><a href=\"https:\/\/drive.google.com\/file\/d\/1VZUJ3FcZ3PYmwI211aearK2oUMP7R69Q\/view?usp=sharing\">Download here!<\/a><\/p>\n\n\n\n<p>Login: Raine<\/p>\n\n\n\n<p>Password: reversing<\/p>\n\n\n\n<p>RaineVM in a way complements <a href=\"https:\/\/counterintelligence.pl\/en\/ronanvm\/\">Ronan<\/a> - it is a virtual machine image with installed tools for analyzing files, including malware. Once we have obtained samples in the course of our OSINT searches, we can transfer them to Raine and take a closer look. Why not just add these tools to RonanVM? 
In my opinion, analyzing files, especially potentially malicious ones, necessarily requires a separate environment. It is not even about the possibility of infecting our system (in the case of Linux this will be very limited), but about the system configuration, which we will have to modify frequently, for example by adjusting the network interface settings to disable or redirect traffic. And if we analyze a sample that may infect our system, we will very often restore the system to its initial state using snapshots.<\/p>\n\n\n\n<p>Raine, just like Ronan, has a privacy-oriented configuration: Ubuntu's telemetry is disabled, as are features like file history, and Firefox is configured the same way as in Ronan. As for the tools, the following are available:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/androguard\/androguard\">Androguard<\/a><\/li><li><a href=\"https:\/\/ibotpeaches.github.io\/Apktool\/\">apktool<\/a><\/li><li><a href=\"https:\/\/github.com\/afrantzis\/bless\">Bless Hex Editor<\/a><\/li><li><a href=\"https:\/\/box.js.org\">box-js<\/a><\/li><li><a href=\"https:\/\/github.com\/horsicq\/Detect-It-Easy\">Detect It Easy<\/a><\/li><li><a href=\"https:\/\/github.com\/DidierStevens\/DidierStevensSuite\/blob\/master\/emldump.py\">emldump<\/a><\/li><li><a href=\"https:\/\/github.com\/exiftool\/exiftool\">ExifTool<\/a><\/li><li><a href=\"https:\/\/github.com\/mandiant\/flare-floss\">FLOSS<\/a><\/li><li><a href=\"https:\/\/ghidra-sre.org\">Ghidra<\/a><\/li><li><a href=\"https:\/\/github.com\/icsharpcode\/ILSpy\">ILSpy<\/a><\/li><li><a href=\"https:\/\/www.inetsim.org\">INetSim<\/a><\/li><li><a href=\"https:\/\/github.com\/TeamMsgExtractor\/msg-extractor\">msg-extractor<\/a><\/li><li><a href=\"https:\/\/github.com\/nolze\/msoffcrypto-tool\">msoffcrypto-tool<\/a><\/li><li><a href=\"https:\/\/blog.didierstevens.com\/programs\/oledump-py\/\">oledump<\/a><\/li><li><a href=\"https:\/\/github.com\/decalage2\/oletools\">oletools<\/a><\/li><li><a href=\"https:\/\/github.com\/gdelugre\/origami\">origami<\/a><\/li><li><a href=\"https:\/\/gitlab.com\/pdftk-java\/pdftk\">pdftk-java<\/a><\/li><li><a href=\"https:\/\/github.com\/blackberry\/pe_tree\">pe-tree<\/a><\/li><li><a href=\"https:\/\/github.com\/erocarrera\/pefile\">pefile<\/a><\/li><li><a href=\"https:\/\/github.com\/jesparza\/peepdf\">peepdf<\/a><\/li><li><a href=\"https:\/\/github.com\/merces\/pev\">pev<\/a><\/li><li><a href=\"https:\/\/github.com\/PowerShell\/PowerShell\">PowerShell Core<\/a><\/li><li><a href=\"https:\/\/procdot.com\">ProcDOT<\/a><\/li><li><a href=\"https:\/\/github.com\/mozilla\/rhino\">Rhino<\/a><\/li><li><a href=\"https:\/\/ssdeep-project.github.io\/ssdeep\/index.html\">ssdeep<\/a><\/li><li><a href=\"http:\/\/sleuthkit.org\">The Sleuth Kit<\/a><\/li><li><a href=\"https:\/\/tshark.dev\/setup\/install\/\">tshark<\/a><\/li><li><a href=\"https:\/\/github.com\/tomchop\/unxor\/\">unxor<\/a><\/li><li><a href=\"https:\/\/upx.github.io\">UPX<\/a><\/li><li><a href=\"https:\/\/github.com\/decalage2\/ViperMonkey\">ViperMonkey<\/a><\/li><li><a href=\"https:\/\/www.volatilityfoundation.org\">Volatility 2 + 3<\/a><\/li><li><a href=\"https:\/\/www.winehq.org\">Wine<\/a><\/li><li><a href=\"https:\/\/www.wireshark.org\">Wireshark<\/a><\/li><li><a href=\"https:\/\/github.com\/DissectMalware\/XLMMacroDeobfuscator\/tree\/master\/XLMMacroDeobfuscator\">XLMMacroDeobfuscator<\/a><\/li><li><a href=\"https:\/\/virustotal.github.io\/yara\/\">YARA<\/a><\/li><\/ul>","protected":false},"excerpt":{"rendered":"<p>Download here! Login: Raine Password: reversing RaineVM in a way complements Ronan &#8211; it is a virtual machine image with installed tools for analyzing files, including malware. Once we have obtained samples in the course of our OSINT searches, we can transfer them to Raine and take a closer look. Why not just add these [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":315,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"class_list":["post-313","page","type-page","status-publish","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RaineVM - Reversing \/\/ Analysis workstation - counterintelligence.pl<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/counterintelligence.pl\/en\/rainevm-reversing-analysis-workstation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RaineVM - Reversing \/\/ Analysis workstation - counterintelligence.pl\" \/>\n<meta property=\"og:description\" content=\"Download here! Login: Raine Password: reversing RaineVM in a way complements Ronan &#8211; it is a virtual machine image with installed tools for analyzing files, including malware. Once we have obtained samples in the course of our OSINT searches, we can transfer them to Raine and take a closer look. Why not just add these [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/counterintelligence.pl\/en\/rainevm-reversing-analysis-workstation\/\" \/>\n<meta property=\"og:site_name\" content=\"counterintelligence.pl\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-13T21:41:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/counterintelligence.pl\/wp-content\/uploads\/2021\/12\/ra_loginscreen-edited.png\" \/>\n\t<meta property=\"og:image:width\" content=\"767\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@lawsecnet\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/\",\"url\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/\",\"name\":\"RaineVM - Reversing \\\/\\\/ Analysis workstation - 
counterintelligence.pl\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/counterintelligence.pl\\\/wp-content\\\/uploads\\\/2021\\\/12\\\/ra_loginscreen-edited.png?fit=767%2C432&ssl=1\",\"datePublished\":\"2021-12-05T18:27:05+00:00\",\"dateModified\":\"2021-12-13T21:41:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/rainevm-reversing-analysis-workstation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/counterintelligence.pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RaineVM &#8211; Reversing \\\/\\\/ Analysis workstation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/#website\",\"url\":\"https:\\\/\\\/counterintelligence.pl\\\/\",\"name\":\"counterintelligence.pl\",\"description\":\"Threat Inteliigence \\\/ OSINT \\\/ NETSEC \\\/ 
NATSEC\",\"publisher\":{\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/#\\\/schema\\\/person\\\/a2bd0e683e8f31df48bd02f45508e8ba\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/counterintelligence.pl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/counterintelligence.pl\\\/#\\\/schema\\\/person\\\/a2bd0e683e8f31df48bd02f45508e8ba\",\"name\":\"Kamil Bojarski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/counterintelligence.pl\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/ci_hor.png?fit=1521%2C721&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/counterintelligence.pl\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/ci_hor.png?fit=1521%2C721&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/counterintelligence.pl\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/ci_hor.png?fit=1521%2C721&ssl=1\",\"width\":1521,\"height\":721,\"caption\":\"Kamil Bojarski\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/counterintelligence.pl\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/ci_hor.png?fit=1521%2C721&ssl=1\"},\"sameAs\":[\"https:\\\/\\\/counterintelligence.pl\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/kamil-bojarski\\\/\",\"https:\\\/\\\/x.com\\\/lawsecnet\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}
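The tool list above is an inventory; what a practitioner usually needs next is a rule for which of those tools to open a fresh sample with. The following stdlib-only Python script is an added example, not part of RaineVM or of the original page: it identifies a sample's container from magic bytes and internal structure (a PE, with the CLR data directory separating .NET from native code; an OLE container; Office Open XML with a VBA project or Excel 4.0 macro sheets; an APK; a PDF) and maps it to the listed tools to start with. The format-to-tool mapping, the helper names and the sample inputs are this example's own assumptions; the samples are constructed header stubs, not real files.

```python
import io
import struct
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.msg container

# Suggested starting tools per format: this example's own mapping, not a RaineVM convention.
TOOLS = {
    "pe": ["Detect It Easy", "pefile", "pe-tree", "FLOSS", "Ghidra"],
    "pe_dotnet": ["ILSpy", "Detect It Easy"],
    "ole": ["oledump", "olevba (oletools)", "ViperMonkey"],
    "ooxml": ["olevba (oletools)"],
    "ooxml_vba": ["olevba (oletools)", "ViperMonkey", "oledump (on vbaProject.bin)"],
    "ooxml_xlm": ["XLMMacroDeobfuscator", "olevba (oletools)"],
    "apk": ["apktool", "Androguard"],
    "pdf": ["peepdf", "origami"],
    "zip": ["unpack, then triage each member"],
    "unknown": ["Detect It Easy", "Bless Hex Editor", "FLOSS"],
}

def _classify_pe(data):
    """'pe' or 'pe_dotnet'; an MZ stub with no PE signature behind it is 'unknown'."""
    if len(data) < 0x40:
        return "unknown"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "unknown"
    opt = e_lfanew + 24  # optional header; PE32 (0x10b) and PE32+ (0x20b) differ in layout
    if len(data) < opt + 240:  # shorter than a PE32+ optional header with 16 directories
        return "pe"
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    count_off, dirs_off = (opt + 92, opt + 96) if pe32 else (opt + 108, opt + 112)
    if struct.unpack_from("<I", data, count_off)[0] > 14:  # entry 14 is the CLR header
        rva, size = struct.unpack_from("<II", data, dirs_off + 14 * 8)
        if rva and size:  # a CLR header means managed (.NET) code: ILSpy, not Ghidra
            return "pe_dotnet"
    return "pe"

def _classify_zip(data):
    """Tell APK and Office Open XML (with VBA or Excel 4.0 macros) from a plain archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "zip"
    if "AndroidManifest.xml" in names and "classes.dex" in names:
        return "apk"
    if "[Content_Types].xml" in names:
        if any(n.endswith("vbaProject.bin") for n in names):
            return "ooxml_vba"
        if any(n.startswith("xl/macrosheets/") for n in names):
            return "ooxml_xlm"
        return "ooxml"
    return "zip"

def identify(data):
    """Map raw bytes to one of the TOOLS keys."""
    if data.startswith(b"MZ"):
        return _classify_pe(data)
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(b"PK\x03\x04"):  # checked before PDF: a ZIP may store a PDF early on
        return _classify_zip(data)
    if b"%PDF-" in data[:1024]:  # the PDF header may sit behind a few junk bytes
        return "pdf"
    return "unknown"

def _fake_pe(dotnet=False):  # constructed PE32 header stub, not a runnable executable
    e_lfanew, opt = 0x40, 0x40 + 24
    buf = bytearray(opt + 240)
    buf[:2], buf[e_lfanew:e_lfanew + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    struct.pack_into("<H", buf, opt, 0x10B)  # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)  # NumberOfRvaAndSizes
    if dotnet:  # a non-empty CLR header directory marks managed code
        struct.pack_into("<II", buf, opt + 96 + 14 * 8, 0x2008, 0x48)
    return bytes(buf)

def _fake_zip(members):  # constructed in-memory ZIP with the given member names
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name in members:
            zf.writestr(name, b"x")
    return out.getvalue()

SAMPLES = {  # constructed inputs for demonstration, not real files or malware
    "dropper.exe": _fake_pe(),
    "loader.dll": _fake_pe(dotnet=True),
    "invoice.docm": _fake_zip(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "sheet.xlsm": _fake_zip(["[Content_Types].xml", "xl/workbook.xml", "xl/macrosheets/sheet1.xml"]),
    "app.apk": _fake_zip(["AndroidManifest.xml", "classes.dex"]),
    "legacy.doc": OLE_MAGIC + b"\0" * 504,
    "report.pdf": b"%PDF-1.7\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        fmt = identify(data)
        print(f"{name:13} {fmt:10} start with: {', '.join(TOOLS[fmt])}")
```

Run it directly to print the routing for each constructed sample, or import `identify` inside the VM and call it on the bytes of a real sample. Nothing here opens or executes the sample, so it is safe to run before deciding whether the analysis needs INetSim, a network change or a fresh snapshot; the format label is only a starting point, and a mismatch between the label and the file's extension is itself worth noting.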