Lens is a next generation open source malware analysis framework, built to get up and running quickly on a single system or to be deployed across a distributed environment. Lens allows you to supplement and fully customize your organization's ability to detect malware with your own signatures, thresholds, and machine learning algorithms. As defenders, having the ability to deploy our own custom malware detection before, during, or after a campaign can be invaluable.
- Yara-Python is a dependency. To use the most recent version of Yara, you may need to build both Yara and Yara-Python from source.
- First install the build dependencies (automake is needed by Yara's bootstrap.sh, see below)
sudo apt-get install autoconf automake libtool python-dev
- Now install Yara and Yara-Python. The GitHub archive does not ship a generated configure script, so run bootstrap.sh before configure; after make install, refresh the dynamic linker cache so that libyara in /usr/local/lib is found when Python imports the yara module (otherwise the import fails with "libyara.so.3: cannot open shared object file").
wget https://github.com/plusvic/yara/archive/v3.4.0.tar.gz
tar -xvf v3.4.0.tar.gz
cd yara-3.4.0
./bootstrap.sh
./configure
make
sudo make install
sudo ldconfig
cd yara-python
python setup.py build
python setup.py install
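The steps above, collected into one idempotent script with the checks a practitioner wants before trusting the build: bootstrap only when configure is missing, refresh the linker cache, then confirm that the named interpreter can actually import yara (and warn if pefile is absent). This is an added example, not a script from the Lens or Yara projects. It assumes Debian/Ubuntu with apt-get and sudo, an interpreter named by the PYTHON variable (defaults to "python", as in the README), and a hypothetical LENS_INSTALL_DEPS guard variable so the functions can be sourced and exercised without touching the system.

```shell
#!/bin/sh
# Added example (not Lens or YARA project code): wraps the README build steps
# for YARA 3.4.0 / yara-python and verifies the result.
# Assumptions: Debian/Ubuntu, sudo available, $PYTHON is the target interpreter,
# and $LENS_INSTALL_DEPS=1 (hypothetical guard) must be set to run the install.
set -e

YARA_VERSION="${YARA_VERSION:-3.4.0}"
PYTHON="${PYTHON:-python}"

# Return 0 if interpreter "$1" can import module "$2", 1 otherwise.
python_module_present() {
    "$1" -c "import $2" >/dev/null 2>&1
}

# Return 0 if libyara is registered with the dynamic linker cache.
libyara_registered() {
    ldconfig -p 2>/dev/null | grep -q 'libyara\.so'
}

install_build_deps() {
    # automake is required by YARA's bootstrap.sh; the README lists the other three.
    sudo apt-get install -y autoconf automake libtool python-dev
}

build_yara() {
    tarball="v${YARA_VERSION}.tar.gz"
    [ -f "$tarball" ] || wget "https://github.com/plusvic/yara/archive/${tarball}"
    tar -xzf "$tarball"
    cd "yara-${YARA_VERSION}"
    # The GitHub archive carries no generated configure script; bootstrap it once.
    [ -x ./configure ] || ./bootstrap.sh
    ./configure
    make
    sudo make install
    # libyara lands in /usr/local/lib; refresh the cache so the Python
    # extension does not fail with "libyara.so.3: cannot open shared object file".
    sudo ldconfig
    cd yara-python
    "$PYTHON" setup.py build
    sudo "$PYTHON" setup.py install   # drop sudo when installing into a virtualenv
    cd ../..
}

verify() {
    libyara_registered || { echo "libyara not in linker cache; run: sudo ldconfig" >&2; return 1; }
    python_module_present "$PYTHON" yara || { echo "yara-python import failed for $PYTHON" >&2; return 1; }
    python_module_present "$PYTHON" pefile || echo "warning: pefile not installed (pip install pefile)" >&2
    echo "YARA ${YARA_VERSION} and yara-python are usable from $PYTHON"
}

# Only touch the system when explicitly requested.
if [ "${LENS_INSTALL_DEPS:-0}" = 1 ]; then
    install_build_deps
    build_yara
    verify
fi
```

Run it as `LENS_INSTALL_DEPS=1 sh install-yara.sh`; without the guard variable it only defines the functions, so `. ./install-yara.sh && verify` is a quick post-install health check on any host.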
- pefile - dependency required to parse Portable Executable (PE) files.
- Database - either SQLite (used by default, no setup required) or MongoDB, which must be installed and configured. With SQLite only some core functionality is supported; to get the full benefit of the machine learning algorithms and of analyzers that produce less structured feature output, MongoDB is required.
Installing MongoDB: this guide walks through the installation: https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-ubuntu/ To install pymongo (the Python package) on Windows, use the MS Windows installers from https://pypi.python.org/pypi/pymongo/