fhightower / ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
GNU Lesser General Public License v3.0

Consider parsing malware names #22

Closed fhightower closed 4 years ago

fhightower commented 5 years ago

We could use something like https://github.com/fhightower/malware_name_mapping to parse malware names from text.

deadbits commented 5 years ago

This could also be a good source for malware family names: https://malpedia.caad.fkie.fraunhofer.de/families

fhightower commented 5 years ago

That's a great resource, thanks @deadbits!

fhightower commented 4 years ago

I've implemented this in the most recent version. Example usage:

from ioc_finder import find_iocs

# Free text containing several malware family names
s = 'Bublik Emotet Esfury Gootkit'
# find_iocs returns a dict keyed by observable type
iocs = find_iocs(s)
malware_names = iocs['malware_names']
print(malware_names) # ['Esfury', 'Gootkit', 'Bublik', 'Emotet']