Knowing one particular skill well and being efficient at it is a thing of the past. Because malware and the threat landscape itself are polymorphic in concept and design, the approach must be more than the archaic methodology of creating signatures. To know the threat actors and gather intelligence, a multi-pronged approach is needed; the three essential grounds that have to be covered are:
Surveillance and monitoring
Analyses and visualization
Sandboxing and reporting
We will cover some tools and how each of them brings us one step closer to those goals:
Modern Honey Network: This can be found at http://threatstream.github.io/mhn/ and https://github.com/threatstream/mhn
Malware Control Monitor: This can be found at https://github.com/marcoramilli/malcontrol
Canari: This can be found at https://github.com/allfro/canari
Malcom: This can be found at https://github.com/tomchop/malcom
Cuckoo Sandbox: This can be found at https://github.com/cuckoobox/cuckoo
Malware samples crawler...