MalwareClustering
MalwareClustering_Search
Details
Author | LDO-CERT
Version | 1.0
License | AGPL-V3
Website |
Requires Registration | No
Requires Subscription | No
Free Subscription Available | No
DataType Supported | file, hash
Description
Uses ApiVectors (ApiScout) to find similarities between malware samples, storing the known samples and their correlations in a Neo4j database.
Configuration
Name | Description
n4j_host | Neo4j server host
n4j_port | Neo4j server port
n4j_user | Neo4j server user
n4j_pwd | Neo4j server password
threshold | ApiScout correlation threshold
Additional details from the README file:
Prerequisites:
Required:
- [neo4j db instance](https://neo4j.com/download/)
- pip3 install -r requirements
Optional:
- bulk import known malware samples into the db from:
  - a [cloned malpedia repo](https://malpedia.caad.fkie.fraunhofer.de/)
  - a folder of malicious samples, with an optional Malpedia-style JSON definition for each

```python
from malwareclustering_api import Api

# Connect to the Neo4j instance (7474 is Neo4j's HTTP port; replace the
# placeholder credentials), set the ApiScout correlation threshold, and point
# the importer at the folder of samples to load.
test = Api(host='127.0.0.1', port=7474, user='neo4j', password='password', threshold=40, folder_path='/home/user/malware_samples')
test.process()  # import the samples and compute their correlations
```
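The analyzer's `threshold` setting gates which pairs of samples count as correlated. As an added illustration (not code from the MalwareClustering analyzer or from ApiScout), the block below shows the underlying idea: ApiScout represents the Windows API functions a sample imports as an ApiVector and scores two vectors with the Jaccard index, and a threshold turns the pairwise scores into clusters. The sample import sets are constructed, treating `threshold` as a percentage (40 means 40 %) is an assumption made to match the README example, and the `:Sample`/`:SIMILAR` Neo4j names in `to_cypher` are hypothetical rather than the analyzer's schema.

```python
"""Added illustration of ApiVector-style correlation with a threshold.

Not code from the analyzer or ApiScout. Assumptions: threshold is a
percentage (40 == 40 %); the Neo4j labels below are hypothetical.
"""
from itertools import combinations

# Constructed input: imports recovered from three hypothetical samples,
# keyed by an identifier (in the analyzer this would be a file hash).
SAMPLES = {
    "sample_a": {"kernel32!CreateFileW", "kernel32!WriteFile",
                 "kernel32!VirtualAlloc", "advapi32!RegSetValueExW",
                 "ws2_32!connect", "ws2_32!send"},
    "sample_b": {"kernel32!CreateFileW", "kernel32!WriteFile",
                 "kernel32!VirtualAlloc", "advapi32!RegSetValueExW",
                 "ws2_32!connect", "wininet!InternetOpenA"},
    "sample_c": {"user32!MessageBoxW", "kernel32!GetTickCount",
                 "kernel32!Sleep"},
}


def jaccard_percent(a, b):
    """Jaccard similarity |A & B| / |A | B| of two API sets, scaled to 0..100."""
    union = a | b
    if not union:
        return 0.0  # two empty import tables are no evidence of similarity
    return 100.0 * len(a & b) / len(union)


def correlate(samples, threshold):
    """Pairs whose similarity reaches the threshold, as (x, y, score)."""
    hits = []
    for x, y in combinations(sorted(samples), 2):
        score = jaccard_percent(samples[x], samples[y])
        if score >= threshold:
            hits.append((x, y, round(score, 2)))
    return hits


def cluster(samples, threshold):
    """Group samples transitively linked by correlating pairs (union-find)."""
    parent = {name: name for name in samples}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for x, y, _ in correlate(samples, threshold):
        parent[find(x)] = find(y)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def to_cypher(hits):
    """Parameterised Cypher statements for storing correlations in Neo4j.

    Identifiers and scores travel as query parameters, never spliced into the
    statement text, so a hostile filename or hash cannot alter the query.
    The (:Sample) label and [:SIMILAR] relationship are hypothetical.
    """
    statement = (
        "MERGE (a:Sample {id: $x}) MERGE (b:Sample {id: $y}) "
        "MERGE (a)-[r:SIMILAR]->(b) SET r.score = $score"
    )
    return [(statement, {"x": x, "y": y, "score": s}) for x, y, s in hits]


if __name__ == "__main__":
    for x, y, score in correlate(SAMPLES, threshold=40):
        print(f"{x} ~ {y}: {score} %")
    print(cluster(SAMPLES, threshold=40))
```

At the README's threshold of 40, sample_a and sample_b (five shared imports out of seven) land in one cluster and sample_c stays alone; raising the threshold to 80 splits all three, which is the trade-off the `threshold` setting controls.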