This repository was archived by the owner on May 14, 2024. It is now read-only.

Standardise malware similarity profile. #22

@W3ndige


Malware similarity profile should be standardized into a clean and understandable summary of a malware sample.

Something like this.

{
    "profile": {
        "filename": "filename",
        "md5": "md5",
        "sha1": "sha1",
        "sha256": "sha256",
        "sha512": "sha512",
        "imphash": "imphash",
        "ssdeep": "ssdeep",

        "minhash": {
            "string": "minhash of file strings",
            "code": [
                {
                    "function_addr": "address of function",
                    "function_minhash": "minhash of functions assembly code"
                }
            ]
        },

        "artifacts": {
            "unique_strings": [
                "list of unique strings found by different heuristics."
            ]
        }
    }
}
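
A sketch of how a profile in this shape could be generated and compared, added here as an example; it is not part of the original issue or the project's code. The signature length, the salted-BLAKE2b MinHash construction and the artifact heuristic are assumptions, `imphash`, `ssdeep` and the per-function `code` list are left empty because they need a PE parser, a fuzzy-hashing library and a disassembler, and the sample bytes are constructed.

```python
import hashlib
import json
import re

NUM_PERM = 64  # assumed signature length; the issue does not specify one

def extract_strings(data, min_len=4):
    """Printable ASCII runs, similar to what the `strings` utility reports."""
    return {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)}

def minhash(items, num_perm=NUM_PERM):
    """MinHash signature: for each salted hash function keep the minimum value."""
    sig = []
    for i in range(num_perm):
        salt = i.to_bytes(8, "little")
        sig.append(min((int.from_bytes(
            hashlib.blake2b(x.encode(), digest_size=8, salt=salt).digest(), "big")
            for x in items), default=0))
    return sig

def build_profile(filename, data):
    strings = extract_strings(data)
    # Assumed heuristic for "unique strings": URLs and Windows paths only.
    artifacts = sorted(s for s in strings if re.search(r"https?://|[A-Za-z]:\\", s))
    profile = {"filename": filename}
    for algo in ("md5", "sha1", "sha256", "sha512"):
        profile[algo] = hashlib.new(algo, data).hexdigest()
    profile["imphash"] = None  # needs a PE parser; not computed here
    profile["ssdeep"] = None   # needs a fuzzy-hashing library; not computed here
    profile["minhash"] = {"string": minhash(strings), "code": []}  # no disassembly
    profile["artifacts"] = {"unique_strings": artifacts}
    return {"profile": profile}

def string_similarity(p1, p2):
    """Estimated Jaccard similarity of two samples' string sets."""
    a, b = p1["profile"]["minhash"]["string"], p2["profile"]["minhash"]["string"]
    return sum(x == y for x, y in zip(a, b)) / len(a)

def _blob(words):  # constructed sample bytes, not real malware
    return b"\x00\x01".join(w.encode() for w in words)

SAMPLE_A = _blob([f"api_call_{i}" for i in range(20)] + ["http://example.test/a"])
SAMPLE_B = _blob([f"api_call_{i}" for i in range(18)]
                 + ["http://example.test/a", "C:\\Temp\\b.dat"])
SAMPLE_C = _blob([f"unrelated_{i}" for i in range(20)])

if __name__ == "__main__":
    pa, pb, pc = (build_profile(n, d) for n, d in
                  (("a.bin", SAMPLE_A), ("b.bin", SAMPLE_B), ("c.bin", SAMPLE_C)))
    print(json.dumps(pb["profile"]["artifacts"]))
    print(string_similarity(pa, pb), string_similarity(pa, pc))
```

Two samples whose string sets mostly overlap agree in most signature positions, while the exact hashes in the same profile differ completely.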

Labels: aurora (Issues related to aurora), enhancement (New feature or request)
