MalwareClustering
README
Prerequisites:

Required:
- [neo4j db instance](https://neo4j.com/download/)
- `pip3 install -r requirements`

Optional:
- bulk import known malware samples in db from:
  - [cloned malpedia repo](https://malpedia.caad.fkie.fraunhofer.de/)
  - folder with some malicious samples with optional json malpedia-like definition
```python
from malwareclustering_api import Api

# Connect to the Neo4j instance, set the ApiScout correlation threshold
# and point the API at the folder holding the samples to import and cluster
test = Api(host='127.0.0.1', port=7474, user='neo4j', password='password',
           threshold=40, folder_path='/home/user/malware_samples')
test.process()
```
MalwareClustering_Search

Author: LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observable types:
- file
- hash

Registration required: False
Subscription required: False
Free subscription: False
Third party service:
Description
Uses ApiVectors to find similarities between malware samples.
Configuration

| Name | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| n4j_host | Neo4j server host | N/A | string | False | True |
| n4j_port | Neo4j server port | N/A | number | False | True |
| n4j_user | Neo4j server user | N/A | string | False | True |
| n4j_pwd | Neo4j server password | N/A | string | False | True |
| threshold | ApiScout correlation threshold | N/A | string | False | True |
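The description above says the analyzer uses ApiVectors to find similar samples, and the `threshold` item sets the ApiScout correlation cut-off. The following is an added illustration of how a percentage threshold turns pairwise similarity scores into clusters; it is not the analyzer's own code and does not use apiscout or Neo4j. It assumes a simplified metric (Jaccard similarity over each sample's imported API names) as a stand-in for the real ApiVector comparison, and the sample data is constructed.

```python
"""Threshold-based clustering of samples by shared imported APIs.

Added example, not part of the MalwareClustering analyzer. Jaccard similarity
over API-name sets is used here as an assumed stand-in for ApiScout's ApiVector
comparison; the threshold is a percentage (0-100) in the spirit of the
analyzer's `threshold` setting.
"""
from itertools import combinations

# Constructed sample data: label -> set of imported Windows API names.
# Labels and import sets are illustrative, not derived from real samples.
SAMPLES = {
    "sample_a": {"CreateFileW", "WriteFile", "CryptEncrypt", "FindFirstFileW", "FindNextFileW"},
    "sample_b": {"CreateFileW", "WriteFile", "CryptEncrypt", "FindFirstFileW", "DeleteFileW"},
    "sample_c": {"InternetOpenA", "InternetConnectA", "HttpSendRequestA", "CreateProcessA"},
    "sample_d": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA"},
    "sample_e": {"MessageBoxA"},
}


def similarity(apis_a, apis_b):
    """Jaccard similarity of two API sets, as a percentage (0-100)."""
    if not apis_a and not apis_b:
        return 0.0  # two empty import tables carry no evidence of relatedness
    inter = len(apis_a & apis_b)
    union = len(apis_a | apis_b)
    return 100.0 * inter / union


def similar_pairs(samples, threshold):
    """Return (a, b, score) for every pair scoring at or above the threshold."""
    pairs = []
    for a, b in combinations(sorted(samples), 2):
        score = similarity(samples[a], samples[b])
        if score >= threshold:
            pairs.append((a, b, round(score, 1)))
    return pairs


def cluster(samples, threshold):
    """Group samples into connected components over the similarity edges.

    Uses a small union-find so that a chain a~b, b~c lands in one cluster
    even if a and c are not directly similar, mirroring how a graph database
    would expose transitive relationships.
    """
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b, _ in similar_pairs(samples, threshold):
        parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), set()).add(name)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


if __name__ == "__main__":
    for thr in (40, 65):
        print(f"threshold={thr}: pairs={similar_pairs(SAMPLES, thr)}")
        print(f"threshold={thr}: clusters={cluster(SAMPLES, thr)}")
```

Raising the threshold from 40 to 65 keeps `sample_a`/`sample_b` together (4 of 6 distinct APIs shared) but splits `sample_c`/`sample_d` (3 of 5), which is the trade-off the `threshold` setting controls: a low value links more samples at the cost of weaker, possibly coincidental, matches.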
Templates samples for TheHive
November 8, 2024 10:11:36