CybercentreCanada / assemblyline-service-metapeek

Assemblyline 4 Metadata anomaly detection service

Home Page: https://cybercentrecanada.github.io/assemblyline4_docs/

MetaPeek Service

This Assemblyline service inspects the metadata of the submitted file (name, extension, etc.) and looks for anomalies.

NOTE: This service does not require you to buy any licence. It is preinstalled and working after a default installation.

Execution

This service checks for dubious techniques spam writers employ to trick people into clicking on embedded files.

This includes:

  • Double file extension
  • Empty file names
  • Excessive use of whitespace
  • Bi-directional unicode control characters
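
The four checks listed above, sketched as an added example (this is not MetaPeek's own code). The extension lists, the whitespace threshold, and the function name `check_filename` are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed lists and threshold for illustration; not MetaPeek's own values.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "js", "vbs", "bat", "cmd", "lnk", "hta", "ps1"}
# Bidi controls: LRM, RLM, ALM, LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI.
BIDI_CTRLS = set("\u200e\u200f\u061c\u202a\u202b\u202c\u202d\u202e"
                 "\u2066\u2067\u2068\u2069")
WHITESPACE_RUN = 5  # assumed: this many consecutive whitespace chars is "excessive"


def check_filename(name: str) -> list:
    """Return the anomaly labels found in a submitted file name."""
    findings = []
    stem, dot, ext = name.rpartition(".")
    if not dot:  # no extension at all
        stem, ext = name, ""
    # Empty name: nothing visible remains once whitespace and invisible
    # format characters (Unicode category Cf) are dropped from the stem.
    visible = [c for c in stem
               if not c.isspace() and unicodedata.category(c) != "Cf"]
    if not visible:
        findings.append("empty_name")
    # Double extension: a document-looking extension followed by an
    # executable one; padding between the two is stripped before comparing.
    inner = stem.rpartition(".")[2].strip().lower() if "." in stem else ""
    if inner in DECOY_EXTS and ext.strip().lower() in EXEC_EXTS:
        findings.append("double_extension")
    # Excessive whitespace: a long run that pushes the real extension
    # out of the visible part of a file listing.
    if re.search(r"\s{%d,}" % WHITESPACE_RUN, name):
        findings.append("excessive_whitespace")
    # Bidi controls change the display order of the characters in the name.
    if any(c in BIDI_CTRLS for c in name):
        findings.append("bidi_control")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from real submissions.
    for sample in ["invoice.pdf.exe", ".exe", "report.pdf" + " " * 20 + ".exe",
                   "photo\u202egpj.exe", "notes.txt"]:
        print(repr(sample), check_filename(sample))
```
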

About

License: MIT License

Languages: Python 95.9%, Dockerfile 4.1%