Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
| Tags | Security, Scientific/Engineering, Log Analysis, C |
|---|---|
| Licenses | GPL v3 |
| Operating Systems | POSIX, Linux, Mac OS X, BSD |
| Implementation | C |
Recent releases

- Release Notes: The tool's persistent state is stored in the local state directory for better maintenance. Several minor bugs have been fixed.
- Release Notes: Another major bug due to libconfig changes has been fixed.
- Release Notes: A major bug in the parsing of configuration files has been fixed.
- Release Notes: All configuration parameters can be specified on the command line. The manual page and documentation have been updated and extended. Minor bugs have been fixed.
- Release Notes: Support was added for shared n-grams: when identifying a cluster of similar malware behavior, Malheur allows you to extract a set of instructions shared by the members of the cluster.