Skip to content

Malwarebinary/assemblyline-service-configextractor

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ConfigExtractor Service

This Assemblyline service extracts malware configurations (such as IP, URL and domain) for various malware family by leveraging the ConfigExtractor Python library for analysis.

Updater

Sources

The updater for this service requires matches on directories containing parsers.

For example, the CAPE source will have a match pattern of .*/modules/processing/parsers/CAPE/$ in which we're trying to target the parsers in this directory only.

Persistence

The updater assumes that you have attached a storage volume to store your collection of sources. Contrary to other services, this updater relies on a storage volume to maintain persistence rather than Assemblyline's datastore.

Python Packages

The updater is able to scan through the directory containing parsers and look for requirements.txt files and install Python packages to a directory that should get passed onto service instances.

If you require a proxy connection for package installation, add environment variable PIP_PROXY to the container configuration.

All parser directories that are able to work with this library should also be compatible with the service.

At the time of writing, we officially support the following frameworks:

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 91.2%
  • Dockerfile 8.8%