Description Company: None


Malware Zoo

Keywords: Large-Scale Malware Analysis

Functional Components Description

Malware Zoo provides services for static and dynamic analysis of malware. It consists of Holmes-Totem Planner, Holmes-Storage, Holmes-Gateway, Holmes-Analytics and Holmes-Totem-Dynamic.
Holmes-Totem Planner: The Holmes-Totem Planner is responsible for turning data into information by performing feature extraction against submitted objects. When tasked, Holmes-Totem schedules the execution of its services, which are capable of performing static and dynamic analysis as well as gathering data from third parties. The Holmes-Totem Investigation Planner is optimized for executing extraction services that complete in a few seconds, i.e. static analysis and 3rd party queries. When dealing with services that take longer to complete, we recommend pairing the Holmes-Totem Planner with Holmes-Totem-Dynamic.
Holmes-Storage: Holmes-Storage is responsible for managing the interaction of Holmes Processing with the database backends. At its core, Holmes-Storage organizes the information contained in Holmes Processing and provides a RESTful and AMQP interface for accessing the data. Additionally, Holmes-Storage provides an abstraction layer between the specific database types. This allows a Holmes Processing system to change database types and combine different databases together for optimization.
Holmes-Gateway: Holmes-Gateway orchestrates the submission of objects and tasks to Holmes Processing. Foremost, this greatly simplifies tasking and makes it possible to automatically route tasks to Holmes-Totem and Holmes-Totem-Dynamic at the service level. In addition, Holmes-Gateway provides validation and authentication. Finally, Holmes-Gateway provides the technical foundation for collaboration between organizations. Holmes-Gateway is meant to prevent a user from directly connecting to Holmes-Storage or RabbitMQ. Instead, tasking requests and object uploads pass through Holmes-Gateway, which performs validity checking, enforces ACLs, and forwards the requests.
Holmes-Analytics: The goal of this project is to implement a semi-generic interface that enables Holmes Processing to manage the execution of advanced statistical and machine learning analysis operations.
Holmes-Totem-Dynamic: Just like Holmes-Totem, the “Dynamic” Planner is responsible for turning data into information by performing feature extraction against submitted objects. When tasked, Holmes-Totem-Dynamic schedules the execution of its services, which are focused on dynamic and other long-running or indefinitely running analysis tasks.

Services provided:

Use Request Non-profit

Services:

Technical Equipment: