
A mapping of used malware names to commonly known family names

Primary language: Python. License: Creative Commons Zero v1.0 Universal (CC0-1.0).

Malware Name Mapping

There are many different malware names in use in the IT security community for the same kind of malware. This repository holds regular expressions that match those names and derive a commonly used malware family name from them.

This mapping is used in reporting (as the generic name) and for statistical purposes.

Format

Currently it is comma-separated. The meaning of the columns is:

  1. regular expression, starting with ^ and ending with $. It can (and should) be applied case-insensitively. The field is enclosed in double quotes (").
  2. malware family name
  3. optional comment (origin of the rule, where the malware names occur, etc.)

Tools

Lookup

> ./scripts/tools.py lookup b66-ir
Found match 'b66-ir' -> 'andromeda'.

Tests

To check the validity of the file, you can run ./scripts/test.py. It checks that

  • all lines match the format,
  • no rule for one family matches the name of another family, and
  • each family name is matched to itself.
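The following is an added example, not the repository's own scripts/tools.py or scripts/test.py. It parses a small constructed mapping in the three-column format described above, performs a case-insensitive lookup like the tool shown in the Lookup section, and implements the three validity checks from the Tests section. The sample rules and the helper names (parse_mapping, lookup, check_mapping) are assumptions made for this example.

```python
"""Parse a malware-name mapping CSV, look names up, and validate the rule set.
Added example; the repository's real scripts may differ."""
import csv
import io
import re
import sys

# Constructed sample mapping in the documented format:
# "anchored regex", family name, optional comment. Not the repository's rules.
SAMPLE_MAPPING = '''"^b66-ir$",andromeda,example alias (constructed)
"^gamarue$",andromeda,alias used by some vendors (constructed)
"^andromeda$",andromeda,family name matches itself
"^dridex$",dridex,
"^bugat.*$",dridex,older name (constructed)
'''

# Same mapping plus one deliberately over-broad rule that also matches the
# family name "dridex", which the second validity check must flag.
BAD_MAPPING = SAMPLE_MAPPING + '"^d.*$",andromeda,too broad (constructed)\n'

# A rule's regex text must start with ^ and end with $.
ANCHORED = re.compile(r"^\^.*\$$")


def parse_mapping(text):
    """Return a list of (compiled_regex, family, comment, line_no) tuples,
    raising ValueError on any line that does not match the format."""
    rules = []
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) < 2:
            raise ValueError(f"line {line_no}: expected at least 2 columns, got {len(row)}")
        pattern, family = row[0], row[1].strip()
        comment = row[2].strip() if len(row) > 2 else ""
        if not ANCHORED.match(pattern):
            raise ValueError(f"line {line_no}: regex must start with ^ and end with $: {pattern!r}")
        if not family:
            raise ValueError(f"line {line_no}: empty family name")
        # Rules are applied case-insensitively, as the format description says.
        rules.append((re.compile(pattern, re.IGNORECASE), family, comment, line_no))
    return rules


def lookup(rules, name):
    """Return the family name of the first rule matching `name`, or None."""
    for regex, family, _comment, _line_no in rules:
        if regex.match(name):
            return family
    return None


def check_mapping(rules):
    """Run the validity checks on parsed rules; return a list of problems
    (empty when the mapping is consistent)."""
    problems = []
    families = sorted({family for _regex, family, _c, _l in rules})
    # No rule for one family may match the name of another family.
    for regex, family, _comment, line_no in rules:
        for other in families:
            if other != family and regex.match(other):
                problems.append(f"line {line_no}: rule for {family!r} also matches family name {other!r}")
    # Each family name must be matched to itself.
    for family in families:
        if lookup(rules, family) != family:
            problems.append(f"family {family!r} is not mapped to itself")
    return problems


if __name__ == "__main__":
    # Usage: python this_file.py <malware name>   (looks up in SAMPLE_MAPPING)
    rules = parse_mapping(SAMPLE_MAPPING)
    for problem in check_mapping(rules):
        print("problem:", problem)
    for name in sys.argv[1:] or ["b66-ir"]:
        family = lookup(rules, name)
        print(f"Found match {name!r} -> {family!r}." if family else f"No match for {name!r}.")
```

The checks work on the parsed rule list rather than the file, so the same function can validate a candidate change before it is committed. Note that the lookup returns the first matching rule in file order, so an over-broad rule placed early would shadow more specific rules below it; the second check catches such a rule regardless of where it sits.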