
Trojan Triage processes a collection of malware samples and records what can be learned about them from database analysis, common antivirus scanners, Linux tools and PE file disassembly.

Primary language: Python

TrojanTriage

This project organizes a collection of malware in order to learn from the commonalities between samples. With a large database of samples and metadata about them it becomes easier to answer questions such as: “How many samples import DLL x?”, “How many ransomware samples import DLL x?” and “What is the full list of DLLs used by all known backdoors?”

The front end uses Django and Django ORM operations on the MySQL database. The data stored in MySQL is pulled from multiple major antivirus databases as well as local research. The malware scan log files are processed with Python.

The Trojan Triage process consists of 3 main parts.

  1. The MySQL database provides storage for the malware information (table-creation scripts).

  2. The Django interface provides a front end for viewing and sorting the malware samples (database views and interface).

  3. The VMAutomation portion collects the malware information (Python scripts).
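The questions in the overview (“how many samples import DLL x?”, “how many ransomware samples?”, “which DLLs do all backdoors use?”) are answered by a many-to-many table between samples and DLLs. The following is an added example, not code from the TrojanTriage project: it parses a constructed ClamAV-style scan log, loads it together with constructed per-sample import lists into an in-memory SQLite database (a stand-in for the project's MySQL schema, whose real table layout is not shown here), and runs the three queries. The `family_of` rule, which takes the second dotted component of the signature name as the family, is an assumption about the antivirus naming convention.

```python
import re
import sqlite3

# Constructed ClamAV-style scan output; not real scan data.
SCAN_LOG = """\
/samples/a1.exe: Win.Trojan.Agent-123 FOUND
/samples/b2.exe: Win.Ransomware.Locky-7 FOUND
/samples/c3.exe: Win.Backdoor.Poison-9 FOUND
/samples/d4.exe: OK
/samples/e5.exe: Win.Backdoor.Gh0st-2 FOUND
"""

# Constructed import lists, shaped like what a PE import-table walk would yield.
IMPORTS = {
    "/samples/a1.exe": ["KERNEL32.dll", "WS2_32.dll"],
    "/samples/b2.exe": ["KERNEL32.dll", "ADVAPI32.dll", "CRYPT32.dll"],
    "/samples/c3.exe": ["kernel32.dll", "WS2_32.dll", "ADVAPI32.dll"],
    "/samples/d4.exe": ["KERNEL32.dll", "USER32.dll"],
    "/samples/e5.exe": ["KERNEL32.dll", "WS2_32.dll", "USER32.dll"],
}

# "<path>: <signature> FOUND" or "<path>: OK"; summary lines do not match.
LINE_RE = re.compile(r"^(?P<path>.+?): (?P<verdict>.+?)(?: FOUND)?$")

# DLL names are case-insensitive on Windows, so collate them NOCASE to avoid
# counting "kernel32.dll" and "KERNEL32.dll" as two different DLLs.
SCHEMA = """
CREATE TABLE sample (
    id INTEGER PRIMARY KEY,
    path TEXT UNIQUE NOT NULL,
    signature TEXT NOT NULL,
    family TEXT NOT NULL
);
CREATE TABLE dll (
    id INTEGER PRIMARY KEY,
    name TEXT UNIQUE NOT NULL COLLATE NOCASE
);
CREATE TABLE sample_dll (
    sample_id INTEGER NOT NULL REFERENCES sample(id),
    dll_id INTEGER NOT NULL REFERENCES dll(id),
    PRIMARY KEY (sample_id, dll_id)
);
"""


def family_of(signature):
    """Assumed convention: 'Win.Ransomware.Locky-7' -> 'Ransomware'; 'OK' -> 'clean'."""
    if signature == "OK":
        return "clean"
    parts = signature.split(".")
    return parts[1] if len(parts) >= 2 else "unknown"


def parse_scan_log(text):
    """Return (path, signature, family) tuples for every per-file result line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sig = m.group("verdict")
        records.append((m.group("path"), sig, family_of(sig)))
    return records


def build_db(scan_log=SCAN_LOG, imports=IMPORTS):
    """Load scan verdicts and import lists into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for path, sig, fam in parse_scan_log(scan_log):
        cur = conn.execute(
            "INSERT INTO sample (path, signature, family) VALUES (?, ?, ?)",
            (path, sig, fam))
        sample_id = cur.lastrowid
        for dll in imports.get(path, []):
            conn.execute("INSERT OR IGNORE INTO dll (name) VALUES (?)", (dll,))
            dll_id = conn.execute("SELECT id FROM dll WHERE name = ?", (dll,)).fetchone()[0]
            conn.execute("INSERT OR IGNORE INTO sample_dll VALUES (?, ?)", (sample_id, dll_id))
    conn.commit()
    return conn


def samples_using(conn, dll_name, family=None):
    """How many samples (optionally restricted to one family) import dll_name?"""
    sql = """SELECT COUNT(DISTINCT s.id) FROM sample s
             JOIN sample_dll sd ON sd.sample_id = s.id
             JOIN dll d ON d.id = sd.dll_id
             WHERE d.name = ?"""
    params = [dll_name]
    if family is not None:
        sql += " AND s.family = ?"
        params.append(family)
    return conn.execute(sql, params).fetchone()[0]


def dlls_used_by_family(conn, family):
    """Full list of DLLs imported by any sample of a family, with sample counts."""
    return conn.execute("""SELECT d.name, COUNT(*) AS n FROM dll d
        JOIN sample_dll sd ON sd.dll_id = d.id
        JOIN sample s ON s.id = sd.sample_id
        WHERE s.family = ?
        GROUP BY d.name ORDER BY n DESC, d.name""", (family,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("samples importing WS2_32.dll:", samples_using(db, "WS2_32.dll"))
    print("ransomware importing KERNEL32.dll:", samples_using(db, "KERNEL32.dll", "Ransomware"))
    print("DLLs used by backdoors:", dlls_used_by_family(db, "Backdoor"))
```

The same three statements map directly onto Django ORM calls against equivalent models (a `ManyToManyField` from the sample model to the DLL model); the raw SQL is shown here because it makes the join structure behind each question explicit.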

In Progress:

- DLL analysis

- Portable Executable analysis


[Image: Django interface for Cuckoo uploads, showing the Django backend result]

[Image: SQL results]

[Image: malware scan]

This database is for educational purposes only.