MDIS (Malware Detection and Identification System) is an identifier format that standardizes malware classification. The syntax is designed to encode a threat's primary attributes, including its behavior, infection vector, and target OS.
- Classifies malware by identifiers that carry OS, family, version, behaviors, and infection vectors.
- Outputs structured JSON reports for easier analysis.
- Packs all essential threat information into a single line.
- Easy for analysts to interpret.
- Suitable for automation and threat intelligence sharing.
- Expandable to include new behaviors, vectors, and OSes.
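As an added example (not the project's own code), the single-line encoding described above can be strictly validated and decomposed before an identifier from an untrusted feed enters an analysis pipeline. The grammar it checks is an assumption inferred only from the two sample identifiers in this README, and the field names `scheme`, `family_path`, `hash_tags` and `bang_tags` are hypothetical:

```python
import json
import re
from typing import Optional

# Assumed structure, inferred only from the two sample identifiers in this
# README (not the project's documented grammar); field names are hypothetical:
#   <scheme>:<segment>.<segment>...#<tag>_<tag>...!<tag>_<tag>...
_TOKEN = r"[A-Za-z0-9]+"
_MDIS_RE = re.compile(
    rf"^(?P<scheme>{_TOKEN}):"
    rf"(?P<family_path>{_TOKEN}(?:\.{_TOKEN})*)"
    rf"#(?P<hash_tags>{_TOKEN}(?:_{_TOKEN})*)"
    rf"!(?P<bang_tags>{_TOKEN}(?:_{_TOKEN})*)$"
)

def parse_identifier(identifier: str) -> Optional[dict]:
    """Return the identifier's fields as a dict, or None if it is malformed.

    Validation is strict on purpose: no surrounding whitespace and no characters
    outside the assumed alphabet, so an untrusted string from a threat-intel feed
    is rejected whole instead of reaching downstream tooling half-parsed.
    """
    match = _MDIS_RE.fullmatch(identifier)
    if match is None:
        return None
    return {
        "scheme": match["scheme"],
        "family_path": match["family_path"].split("."),
        "hash_tags": match["hash_tags"].split("_"),
        "bang_tags": match["bang_tags"].split("_"),
    }

def to_json_report(identifiers: list) -> str:
    """JSON report over a batch: valid entries are decomposed, invalid ones keep
    the raw input and a valid=false flag so they can be triaged, not dropped."""
    report = []
    for raw in identifiers:
        parsed = parse_identifier(raw)
        report.append({"input": raw, "valid": parsed is not None, "fields": parsed})
    return json.dumps(report, indent=2)

# Constructed inputs: the README's two samples plus one with a trailing space.
SAMPLE_IDS = [
    "MSE:McAfee.I.A#Bypass_FakeAV_Joker_Adware!Phish_PUA",
    "MSE:Avast.I.A#Bypass_FakeAV_Joker_Adware_Stealer_Resurrector_Spy!Phish_PUA",
    "MSE:McAfee.I.A#Bypass_FakeAV_Joker_Adware!Phish_PUA ",
]

if __name__ == "__main__":
    print(to_json_report(SAMPLE_IDS))
```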
To get started with this project, just install it via pip:

```shell
pip install mdis-sec
```

You can test the MDIS tool with the following identifiers:

```python
from MDIS import MDISParser

# Test cases (note the trailing space in the first identifier)
test_cases = [
    "MSE:McAfee.I.A#Bypass_FakeAV_Joker_Adware!Phish_PUA ",
    "MSE:Avast.I.A#Bypass_FakeAV_Joker_Adware_Stealer_Resurrector_Spy!Phish_PUA",
]

for identifier in test_cases:
    parser = MDISParser(identifier)
    # Render a valid identifier in natural language; flag an invalid one
    print(
        parser.to_natural()
        if parser.is_valid()
        else f"'{identifier}' is an invalid identifier."
    )
```

Feel free to open issues or submit pull requests if you have any suggestions or improvements!
For more information about the project, please refer to the docs/ directory.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.