IOCScanner naming
ogarrett opened this issue · 6 comments
TODO: determine a project name before we publish.
Deepfence naming convention: Noun:Verber (e.g. ThreatMapper, PacketStreamer, FlowMeter...)
Candidate Noun: IOC, Malware
Candidate Verber: Scanner, Hunter, Finder
Analysis:
| Exists? | Google (N V, “N-V”, “NV”) | GitHub “NV” (repos, code) | |
|---|---|---|---|
| IOCScanner | No significant products with this name, but it is a common description for tools ("SolarWinds IOC Scanner" etc") | 0.6m, 3930, 246 | 6, 77 |
| IOCHunter (“IO Chunter?) | https://pypi.org/project/ioc-hunter/ https://twitter.com/su13ym4n/status/1184015983024975872?lang=en | 6.6m, 6320, 101 | 0, 0 |
| IOCFinder | https://fireeye.market/apps/211408 https://github.com/fhightower/ioc-finder (active, 96*) | 1.2m, 3360, 243 | 0, 20 |
| MalwareScanner | https://www.kitploit.com/2022/04/malwarescanner-simple-malware-scanner.html https://github.com/password123456/malwarescanner (quiet, 51*) | 71m, 557k, 26k | 18, 1004 |
| MalwareHunter | https://github.com/abdesslem/malwareHunter (dead, 47*) https://github.com/jgajek/MalwareHunter (dead, 10*) | 2.9m, 594k, 10.8k | 3, 79 |
| MalwareFinder | https://github.com/HookJordan/MalwareFinder (dead, 5*) | 33m, 14k, 301 | 3, 44 |
Recommendations
IOC is a little obtuse and is not 100% accurate; for example, in ThreatStryker, we use IOCs to refer to events. Malware is more recognisable and is the term that Yara uses to describe the artefacts it detects (see https://virustotal.github.io/yara/).
MalwareScanner is very generic. MalwareHunter or MalwareFinder might be appropriate.
Happy to consider other Noun and Verber ideas
I think MalwareHunter is good. What about others?
I like the name MalwareHunter.
Few more suggestion:
MalwareBlade, MalwareZap, MalwareNuke
Comments from @sandman137 :
I like YaraHunter as its a bit more specific than malwarehunter
malwarehunter is too generic man
need something which is either tech specific or cloud specific
like k8sMwalrehinter
something which is little more specific
Adding YARA to the list for consideration:
| Exists? | Google (N V, “N-V”, “NV”) | GitHub “NV” (repos, code) | |
|---|---|---|---|
| IOCScanner | No significant products with this name, but it is a common description for tools ("SolarWinds IOC Scanner" etc") | 0.6m, 3930, 246 | 6, 77 |
| IOCHunter (“IO Chunter?) | https://pypi.org/project/ioc-hunter/ https://twitter.com/su13ym4n/status/1184015983024975872?lang=en | 6.6m, 6320, 101 | 0, 0 |
| IOCFinder | https://fireeye.market/apps/211408 https://github.com/fhightower/ioc-finder (active, 96*) | 1.2m, 3360, 243 | 0, 20 |
| MalwareScanner | https://www.kitploit.com/2022/04/malwarescanner-simple-malware-scanner.html https://github.com/password123456/malwarescanner (quiet, 51*) | 71m, 557k, 26k | 18, 1004 |
| MalwareHunter | https://github.com/abdesslem/malwareHunter (dead, 47*) https://github.com/jgajek/MalwareHunter (dead, 10*) | 2.9m, 594k, 10.8k | 3, 79 |
| MalwareFinder | https://github.com/HookJordan/MalwareFinder (dead, 5*) | 33m, 14k, 301 | 3, 44 |
| YARAScanner | https://github.com/iomoath/yara-scanner (quiet, 25*) https://github.com/CrowdStrike/xwf-yara-scanner (active, 74*) | 0.6m, 2.1k, 455 | 10, 324 |
| YARAHunter | 10m, 12k, 38 | 0, 2 | |
| YARAFinder | 0.9, 0.8k, 0 | 0, 0 |
Leading candidates are MalwareHunter and YARAHunter.
MalwareHunter:
- Pros - familiar words, follows existing naming convention closely, does what it says ("hunts for malware"). Note that yara describes itself as "helping malware researchers to.. classify malware samples"
- Cons - generic (would need to get top spot on google for 'malware hunter', currently occupied by a windows tool)
YARAHunter:
- Pros - more distinctive, easy to get top spot in google/github, familiar to security researchers
- Cons - less familiar (less likely to be stumbled upon), less accurate (tool does not "hunt for YARA"), restricts implementation to YARA rules only
Recommendation: MalwareHunter
Name chosen was YaRadare