~alienagain/Stix_stuff

2a0942d87000a9bd0564247840de9dcbb39bde0b — terceranexus6 1 year, 11 months ago 6bba821
updating readme
1 files changed, 24 insertions(+), 4 deletions(-)

M README.md
M README.md => README.md +24 -4
@@ 4,13 4,33 @@ Since I'm planning on creating reports from my personal Linux threat projects, I

## How to

For malware hashing preparing:
It's recommended to use a virtual environment. Evrything works on python3.

```
mkdir my_virtual_space
cd my_virtual_space
source bin/activate
python malware_hash_indicator.py 
source bin/activate 
```
Then install all the requirements:

Follow the instructions, and then a `.stix` file will be generated using the name of the threat. Right now the creation and modification times are the same: the one second the script is executed. There's an example of a cryptominer in the example directory.
```
git clone https://git.sr.ht/~alienagain/Stix_stuff
pip3 intall -r requirements.txt
```

Then try out the hashes:

```
python3 from_csv/hashes.py from_csv/example_hashes.csv
```

or the domains:

```
python3 from_csv/domains.py from_csv/example_domains.csv
```

The files with the relationships of the example (XMRIG) will be created. Follow the docs to learn more about adding new malware and understanding the logics:

* [How to (extended)](docs/from_csv_to_stix.md)
* [Making sense of data](docs/making_sense_of_data.md)
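Review bot: the setup steps in this hunk are out of order and contain typos, so a reader following them verbatim will not get a working environment: the first code block runs `source bin/activate` without ever creating the virtual environment (there is no `python3 -m venv my_virtual_space` step, and the path would be `my_virtual_space/bin/activate`), runs `python malware_hash_indicator.py` before the requirements are installed, and repeats `source bin/activate`; the "Then install all the requirements:" line is separated from its `git clone` / `pip3 intall -r requirements.txt` block by the paragraph about the generated `.stix` file, which belongs after the usage commands; and `pip3 intall` should be `pip3 install`, `Evrything` should be `Everything`. Suggested order: clone the repository, create and activate the virtual environment, `pip3 install -r requirements.txt`, then the `python3 from_csv/hashes.py` and `python3 from_csv/domains.py` commands, followed by the paragraph describing the generated `.stix` file and its timestamps. The hunk also mixes `python` and `python3` between blocks; since the text says everything targets python3, use `python3` consistently.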