MalwareClustering
=================

MalwareClustering_Search
------------------------

.. rubric:: Details

=========================== ============================================
Author                      LDO-CERT
Version                     1.0
License                     AGPL-V3
Website                     https://github.com/LDO-CERT/Cortex-Analyzers
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          file, hash
=========================== ============================================

.. rubric:: Description

Uses ApiVectors to find similarities between malware samples.

.. rubric:: Configuration

========= ==============================
Name      Description
========= ==============================
n4j_host  Neo4j server host
n4j_port  Neo4j server port
n4j_user  Neo4j server user
n4j_pwd   Neo4j server password
threshold ApiScout correlation threshold
========= ==============================

.. rubric:: Additional details from the README file:

Prerequisites:
==============

Required:
---------

- `neo4j db instance <https://neo4j.com/download/>`_
- ``pip3 install -r requirements``

Optional:
---------

- bulk import known malware samples in db from:

  - `cloned malpedia repo <https://malpedia.caad.fkie.fraunhofer.de/>`_
  - folder with some malicious sample with optional json malpedia like definition

.. code-block:: python

    from malwareclustering_api import Api

    test = Api(host='127.0.0.1', port=7474, user='neo4j', password='password',
               threshold=40, folder_path='/home/user/malware_samples')
    test.process()
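To make the ``threshold`` setting concrete, the following added example (not code from the LDO-CERT analyzer or from ApiScout) compares samples by their imported API names and groups those whose similarity reaches the threshold. It uses a plain Jaccard index on a constructed set of sample imports as a stand-in for ApiScout's ApiVector matching, and the sample names and API sets are made up for illustration.

```python
# Added illustration, not part of the analyzer: what a "correlation threshold" of 40
# means when samples are compared by API usage. ApiScout's ApiVector encoding is not
# reproduced; a plain Jaccard index over imported API names stands in for it.
from itertools import combinations

# Constructed sample data: imported Windows API names per hypothetical sample.
SAMPLES = {
    "sample_a": {"CreateFileW", "WriteFile", "CloseHandle", "VirtualAlloc", "WinExec"},
    "sample_b": {"CreateFileW", "WriteFile", "CloseHandle", "VirtualAlloc", "CreateProcessW"},
    "sample_c": {"socket", "connect", "send", "recv", "closesocket"},
    "sample_d": {"socket", "connect", "send", "recv", "WSAStartup", "closesocket"},
    "sample_e": {"RegOpenKeyExW", "RegSetValueExW", "RegCloseKey"},
}


def similarity(apis_a, apis_b):
    """Jaccard similarity of two API sets, scaled to 0..100 like the threshold value."""
    if not apis_a and not apis_b:
        return 0
    return round(100 * len(apis_a & apis_b) / len(apis_a | apis_b))


def related_pairs(samples, threshold):
    """Sample pairs whose similarity reaches the threshold: the edges a graph db would store."""
    return {
        (a, b): s
        for a, b in combinations(sorted(samples), 2)
        if (s := similarity(samples[a], samples[b])) >= threshold
    }


def clusters(samples, threshold):
    """Connected components over the thresholded pairs; each is a family candidate."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    for a, b in related_pairs(samples, threshold):
        parent[find(a)] = find(b)
    groups = {}
    for name in samples:
        groups.setdefault(find(name), set()).add(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for t in (40, 70):
        print(t, related_pairs(SAMPLES, t), clusters(SAMPLES, t))
```

Raising the threshold from 40 to 70 drops the sample_a/sample_b edge (67) while keeping sample_c/sample_d (83), which is the trade-off the setting controls: fewer false groupings at the cost of splitting loosely related variants.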