FAME's Documentation
FAME is a recursive acronym meaning “FAME Automates Malware Evaluation”.
It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.
Best case scenario: the analyst drops a sample, waits for a few minutes, and FAME is able to determine the malware family and extract its configuration and IOCs.
FAME should be seen as a framework that will empower your malware analysis development efforts.
Contents
- Concept
- Installation
- Administrator Guide
- User Guide
- Writing Modules
  - Writing a Processing module
  - Writing a Preloading module
  - Common module features
- API Reference
  - Common module API
  - Preloading Module
  - Processing Module
    - ProcessingModule
      - ProcessingModule.acts_on
      - ProcessingModule.generates
      - ProcessingModule.triggered_by
      - ProcessingModule.queue
      - ProcessingModule.permissions
      - ProcessingModule.add_extracted_file()
      - ProcessingModule.add_extraction()
      - ProcessingModule.add_ioc()
      - ProcessingModule.add_probable_name()
      - ProcessingModule.add_support_file()
      - ProcessingModule.add_tag()
      - ProcessingModule.change_type()
      - ProcessingModule.each()
      - ProcessingModule.each_with_type()
      - ProcessingModule.register_files()
      - ProcessingModule.run()
      - ProcessingModule.skip_review()
  - Special Processing Modules
    - Isolated Processing Module
    - Reporting Modules
    - Threat Intelligence Modules
    - Antivirus Modules
    - Virtualization Module
- Command line tools
- API