IDA plugin
Threatray offers a plugin for the Hex Rays IDA Pro disassembler, enabling seamless access to Threatray's binary intelligence capabilities.
The plugin supports IDA 7.6+ on Windows and Linux and requires Python 3.8+ to be installed. It is available for download here and includes a README file for installation and usage instructions.
The following three functionalities are provided.
Code Detections: Show Threatray code detections per function in a table (1). Each function can be annotated with a comment, color and renamed to include a prefix of the code detection (2, 3).
This functionality is also available in the UI, as explained in more detail here.
Function Retrohunt: Retrohunt for one or multiple functions (1) and show all matching functions and their respective files and analyses (2) in Threatray.
The functionality is the same as with Retrohunt described here, but allows for free selection of functions.
Function Clustering: Cluster non-benign functions (2) of the file under investigation with functions of a selected set of other files that were previously analyzed by Threatray (1).
Updated 2 months ago