Scott Roberts released a simple, easy-to-use Python script to store your collection of malware samples in a SQLite database and query it. The process is simple: it allows storage (indexing basic sample metadata) and retrieval of your samples. The database can be queried by filename, MD5 and SHA256 hashes. The malwarehouse package can be downloaded here.

I changed my database location in the malwarehouse.py script from option_base_dir = os.path.expanduser("~/Desktop/malwarehouse/") to option_base_dir = os.path.expanduser("~/malwarehouse/") because this server doesn't have X-Windows running.
guy@seeker:~/malwarehouse$ ./malwarehouse.py -s zz87lhfda88.com -t PWS-LegMir.dll -n "Low detection" 1.exe
guy@seeker:~/malwarehouse$ ./malwarehouse.py -f 41f5e475e086c991873a35c58234213fc01331d655f3f39a2f1a6d2f0e0ed6b8
If you are looking for a simple yet effective way of tracking your malware samples, malwarehouse is probably for you. I'm sure Scott Roberts is open to suggestions to improve this project. His contact information is listed on the GitHub download page.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy 522 Posts ISC Handler Sep 21st 2012
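An added sketch, not malwarehouse's own code, of the store-and-query workflow the diary describes: sample metadata indexed in SQLite and retrievable by filename, MD5 or SHA256. The schema, the function names and the mapping of source, tags and notes to the -s, -t and -n options in the command above are assumptions; the sample file is constructed, harmless bytes.

```python
import hashlib
import os
import sqlite3
import tempfile

# Hypothetical schema: source/tags/notes are assumed to mirror the -s/-t/-n options.
SCHEMA = """CREATE TABLE IF NOT EXISTS samples (
    sha256 TEXT PRIMARY KEY, md5 TEXT NOT NULL, filename TEXT NOT NULL,
    size INTEGER NOT NULL, source TEXT, tags TEXT, notes TEXT)"""

def open_index(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def hash_file(path, chunk=65536):
    """Hash in chunks so large samples are never read into memory whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def store(db, path, source="", tags="", notes=""):
    """Index one sample; identical content stored again keeps the first row."""
    md5, sha256 = hash_file(path)
    row = (sha256, md5, os.path.basename(path), os.path.getsize(path), source, tags, notes)
    with db:  # commit on success, roll back on error
        cur = db.execute("INSERT OR IGNORE INTO samples VALUES (?,?,?,?,?,?,?)", row)
    return sha256, cur.rowcount == 1

def find(db, term):
    """Look up by filename, MD5 or SHA256 using a parameterized query."""
    key = term.strip().lower()  # hex digests are stored lowercase
    return db.execute(
        "SELECT sha256, md5, filename, source, tags, notes FROM samples "
        "WHERE sha256 = ? OR md5 = ? OR filename = ?",
        (key, key, term.strip())).fetchall()

def demo():
    db = open_index()
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "1.exe")
        with open(sample, "wb") as fh:
            fh.write(b"constructed test bytes, not malware")  # constructed sample
        sha256, first = store(db, sample, "example.invalid", "test-tag", "Low detection")
        _, second = store(db, sample)  # same content again: deduplicated by SHA256
    return first, second, find(db, sha256), find(db, "1.exe")
```

Keying the table on SHA256 means a sample submitted twice under different names is indexed once, and the first submission's source and notes are kept.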
Hey Guy...you need to fix the github link..there is a rogue %20 after the second forward slash.
HackDefendr 65 Posts
Sep 22nd 2012
Link is fixed.
Guy 522 Posts ISC Handler
Sep 22nd 2012
a solution looking for a problem?
Brandon 7 Posts
Sep 27th 2012