aurora
Malware similarity platform with modularity in mind.
Directories in https://github.com/W3ndige/aurora/tree/master/kartons are subprojects. To get them, a user may clone the project with the command `git clone --recursive https://github.com/W3ndige/aurora`. However, the subproject path in https://github.com/W3ndige/aurora/blob/master/.gitmodules was set as `ssh@`, which causes normal...
Hello. I tried creating docker-compose with the commands from the readme. I got the error message `Unsupported config version `. The problem is similar to this topic: https://stackoverflow.com/questions/36724948/docker-compose-unsupported-config-option-for-services-service-web. Solution: Add `version: "3.0"` to...
This can yield better results than minhashing whole disassembly by comparing if some of the functions are similar to the others in database.
Malware similarity profile should be standardized into a clean and understandable summary of a malware sample. Something like this. ```json { "profile": { "filename": "filename", "md5": "md5", "sha1": "sha1", "sha256":...
References: * https://neo4j.com/developer/graph-database/
Add maldoc similarity karton based on the embedded images and (or) other characteristics of a document. References: https://github.com/jstrosch/graph-maldoc-similar-images
Add single karton for communicating with aurora. Allows for unit tests for other kartons.
Add karton for adding relationship with similar strings. Optimization ideas: * Store string length in db and choose only strings with length different by only a small factor. References: https://github.com/seatgeek/fuzzywuzzy
* Minhashing functions instead of whole code.