Skip to content

dfn-certling/malware_name_mapping

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
scripts
scripts
 
 
.travis.yml
.travis.yml
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 
mapping.csv
mapping.csv
 
 

Repository files navigation

Malware Name Mapping

There are a lot of different malware names used in the IT security community for the same kind of malware. This repository holds regular expression to match those and derive a commonly used malware family name.

This mapping is used in reporting (as generic name) and for statistics purpose.

Format

Currently it is comma-separated. The meaning of the columns is:

  1. regular expression, starting with ^ and ending with $. It can/should be applied case-insensitive. The field is encapsulated in double quotes (").
  2. malware family name
  3. optional comment (origin of the rule, where the malware names occur etc)

Tools

Lookup

> ./scripts/tools.py lookup b66-ir
Found match 'b66-ir' -> 'andromeda'.

Tests

To check the validity of the file, you can run ./scripts/test.py. It checks if

  • all lines do match the format,
  • there are not family matching to other family names and
  • that each family names is matched to itself.

About

A mapping of used malware names to commonly known family names

Resources

Readme

License

CC0-1.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%