This tool maps a file's behavior on MITRE ATT&CK matrix.
Latest commit a64cc42 Aug 9, 2019
Languages: YARA, Python, HTML.

Repository layout (every entry is from the "DEFCON27" commit of Aug 9, 2019; README.md was last touched by "Update README.md" the same day): images/, templates/, utils/, yara_sigs/, README.md, __init__.py, hachi.py, requirements.txt, scanda.py


Hachi Logo

The MITRE ATT&CK framework has become a benchmark in the security domain: it documents each technique adversaries use across the stages of an attack. Hachi was created as a contribution to the ATT&CK community. It is built on the radare2 framework and uses the data published by ATT&CK to map the symptoms of a malware sample onto the ATT&CK matrix.

The following modules make Hachi a useful addition to an analyst's or a company's toolkit:

• Threat Intel: Hachi provides threat intelligence data such as a possible parent campaign or the likely author of a malware file.
• Malware behavior: it uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths, and maps them onto the ATT&CK matrix.
• RESTful API: Hachi exposes a RESTful API so that it can be integrated seamlessly with malware-processing frameworks.
• Visualization: it allows for the creation of detailed visual reports.

Hachi User Interface

Hachi Report Page

MITRE Mapping

Dependencies:

  1. Download radare2 and add its directory to the system PATH.
  2. Download and install Graphviz 2.38 and add its bin directory to the system PATH.
  3. Enable the MSMQ (Microsoft Message Queuing) feature on Windows, create a message queue, and put its name in the Hachi.config file.
  4. Install the Python packages listed in requirements.txt.
  5. Run hachi.py and scanda.py.
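The five steps above, as one added PowerShell session (this is an example written here, not a script shipped by the Hachi project). It assumes radare2 was unpacked to C:\Tools\radare2 and Graphviz 2.38 installed under its default directory; the queue name "hachi" is illustrative and has to match whatever you write into Hachi.config, whose format is not shown in the README. On Windows Server the MSMQ feature is installed with Install-WindowsFeature rather than Enable-WindowsOptionalFeature. Run it from an elevated prompt.

```powershell
# Added example, not part of the Hachi repository. Assumed install locations:
$r2Dir  = 'C:\Tools\radare2\bin'                    # assumption: where radare2 was unpacked
$dotDir = 'C:\Program Files (x86)\Graphviz2.38\bin'  # Graphviz 2.38 default
$queuePath = '.\private$\hachi'                      # assumption: must match Hachi.config

# Steps 1-2: put both tools on the machine-wide PATH (and this session's PATH).
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
foreach ($dir in @($r2Dir, $dotDir)) {
    if (-not (Test-Path $dir)) { throw "Missing directory: $dir" }
    if (($machinePath -split ';') -notcontains $dir) { $machinePath = "$machinePath;$dir" }
}
[Environment]::SetEnvironmentVariable('Path', $machinePath, 'Machine')
$env:Path = $machinePath

# Sanity check: both binaries must resolve from PATH before going further.
Get-Command radare2, dot -ErrorAction Stop | Out-Null
radare2 -v
dot -V

# Step 3: enable MSMQ and create the private queue Hachi will use.
Enable-WindowsOptionalFeature -Online -FeatureName MSMQ-Server -All -NoRestart
Add-Type -AssemblyName System.Messaging
if (-not [System.Messaging.MessageQueue]::Exists($queuePath)) {
    [void][System.Messaging.MessageQueue]::Create($queuePath)
}
# Remember to put the queue name (here "hachi") into Hachi.config.

# Step 4: Python dependencies.
python -m pip install -r requirements.txt

# Step 5: run both components (the README does not state an order; scanda.py is
# started in the background here so hachi.py keeps the foreground console).
Start-Process python -ArgumentList 'scanda.py' -WorkingDirectory (Get-Location)
python hachi.py
```

The PATH edit is done once at machine scope and then mirrored into `$env:Path` so the tool checks work in the same session without reopening the shell; the `Test-Path` and `Get-Command` checks fail fast instead of letting Hachi fall over later when it shells out to radare2 or dot.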

References:

https://attack.mitre.org/
https://www.radare.org/get/THC2018.pdf
https://github.com/pinkflawd/r2graphity
https://github.com/Yara-Rules/rules
