Skip to content

MalwareClustering#

README

Prerequisites:#

Required:#

- [neo4j db instance](https://neo4j.com/download/)
- pip3 install -r requirements

Optional:#

- bulk import known malware samples in db from:
    - [cloned malpedia repo](https://malpedia.caad.fkie.fraunhofer.de/)
    - folder with some malicious sample with optional json malpedia like definition
from malwareclustering_api import Api
test = Api(host='127.0.0.1', port=7474, user='neo4j', password='password', threshold=40, folder_path='/home/user/malware_samples')
test.process()

Author: LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description#

Uses ApiVectors to find similarities between malware samples.

Configuration#

n4j_host Neo4j server host
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
n4j_port Neo4j server port
Default value if not configured N/A
Type of the configuration item number
The configuration item can contain multiple values False
Is required True
n4j_user Neo4j server user
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
n4j_pwd Neo4j server password
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
threshold ApiScout correlation threshold
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

No template samples to display.


Last update: October 16, 2020 10:16:04