HG

A tool to download malware samples


Description

HG, short for Hazardous Garbage, is a tool that downloads malware samples from many sources. HG does not store the malware itself; it relies on a second tool, such as VxCage or Cuckoo Sandbox. HG only performs the download and then runs the processor that sends each sample to a repository.

Features

  • New sources can be added by creating a module in the "feeds" directory.
  • New processors can be added by creating a module in the "processors" directory.

Malware Sources:

Processors:

Requirements

Python 2.7 is required to run HG. To install the project dependencies, run:

pip install -r requirements.txt

If you are using Debian/Ubuntu, you may need to install some packages first:

apt-get install libxml2-dev libxslt1-dev python2.7-dev

Configuration

HG only analyzes the malware sources and downloads the samples. To store the samples, HG uses VxCage, so VxCage must be installed first.

Configure HG using hg.conf in the conf directory. It is simple, see below:

[vxcage]
enabled = yes
connection = http://localhost:8080/

HG can now send samples to Cuckoo Sandbox. You can configure this integration in hg.conf: just set the address of your Cuckoo installation. Remember that this requires the Cuckoo API to be running, not the web interface. See the configuration example below:

[cuckoo]
enable = yes
connection = http://localhost:8090/
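
Both sample endpoints above are plain HTTP on localhost, and what travels over them is live malware. The following check is an added example, not part of HG: a standalone Python 3 script that parses an hg.conf-style file and reports any enabled processor whose connection would carry samples over plain HTTP to a non-loopback host. It accepts both flag spellings shown on this page ("enabled" and "enable"); the function names and the remote address in the sample are constructed for illustration.

```python
import configparser
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the two sections from this page, with the cuckoo
# endpoint changed to a remote documentation address to trigger a finding.
SAMPLE_CONF = """
[vxcage]
enabled = yes
connection = http://localhost:8080/

[cuckoo]
enable = yes
connection = http://192.0.2.10:8090/
"""

def is_loopback(host):
    """True for 'localhost' and loopback IP literals; other names count as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(conf_text):
    """Return (section, message) findings for each enabled processor."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        # The page spells the flag "enabled" under [vxcage] and "enable" under [cuckoo].
        flag = opts.get("enabled", opts.get("enable"))
        if flag is None or cp.BOOLEAN_STATES.get(flag.lower()) is not True:
            continue  # processor is switched off, nothing is sent
        url = urlparse(opts.get("connection", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append((section, "connection is not a valid http(s) URL"))
        elif url.scheme == "http" and not is_loopback(url.hostname):
            findings.append((section, "samples sent over plain HTTP to " + url.hostname))
    return findings

if __name__ == "__main__":
    for section, message in audit(SAMPLE_CONF):
        print("[%s] %s" % (section, message))
```

The configuration exactly as shown on this page produces no findings, since both services listen on localhost.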

Authors and Contributors

And the thanks go to:

Contact

Feel free to contact me at @neriberto