Ecosyste.ms: Awesome


https://github.com/JPCERTCC/impfuzzy

Fuzzy Hash calculated from import API of PE files

clustering impfuzzy malware neo4j python security volatility

README

# impfuzzy
Impfuzzy is a fuzzy hash calculated from the import APIs of PE files.

## pyimpfuzzy
Python module for comparing impfuzzy hashes

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)

## pyimpfuzzy-windows
Python module for comparing impfuzzy hashes on Windows

## impfuzzy for Volatility
Volatility plugin for comparing impfuzzy and imphash values

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)

## impfuzzy for Volatility3
Volatility3 plugin for comparing impfuzzy / imphash / ssdeep values

## impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hashes and importing/visualizing the results using Neo4j

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)

## Other Tools or Frameworks
[MISP](http://www.misp-project.org): Malware Information Sharing Platform and Threat Sharing
[CRITs](https://crits.github.io): Collaborative Research Into Threats
[MultiScanner](http://multiscanner.readthedocs.io/en/latest/): File Analysis Framework
[ViruSign](https://www.virusign.com): Malware Research & Data Center, Virus Free Downloads