The family overview is a tabular summary of Malpedia's repository contents, which are stored as a git repository in the backend.
You can use the search bar to quickly narrow down the table to families of interest.
It will use the following fields as selectors (case ignored, demonstrated with Molerats's "SharpStage"):
the backend directory name, which is usually [platform].[primary_name], in this case: "win.sharpstage"
the primary name: "SharpStage"
all known aliases: "LastConn"
the primary actor name: "Molerats"
An actor name can be used to filter the table down to the families tied to that actor.
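The selector behaviour described above can be reproduced over a local copy of the inventory, for example to resolve an alias from a report to its backend directory name. This is an added example, not Malpedia's own code: the `Family` record layout, the `search` function, the substring matching and all rows except SharpStage are assumptions made for illustration.

```python
# Added example: local re-implementation of the overview search selectors.
# Record layout and substring matching are assumptions, not Malpedia's code.
from dataclasses import dataclass, field


@dataclass
class Family:
    directory: str                                 # "[platform].[primary_name]"
    primary_name: str
    aliases: list = field(default_factory=list)
    actors: list = field(default_factory=list)     # first entry = primary actor

    def selectors(self):
        """Yield (field label, value) pairs that the search matches against."""
        yield "directory", self.directory
        yield "primary_name", self.primary_name
        for alias in self.aliases:
            yield "alias", alias
        if self.actors:
            yield "primary_actor", self.actors[0]


def search(families, query):
    """Return [(directory, [matched field labels])], ignoring case."""
    needle = query.strip().casefold()
    if not needle:
        # An empty query leaves the table unfiltered.
        return [(fam.directory, []) for fam in families]
    hits = []
    for fam in families:
        matched = {label for label, value in fam.selectors()
                   if needle in value.casefold()}
        if matched:
            hits.append((fam.directory, sorted(matched)))
    return hits


# Constructed sample inventory; only the SharpStage row is taken from the page.
INVENTORY = [
    Family("win.sharpstage", "SharpStage", ["LastConn"], ["Molerats"]),
    Family("win.example_loader", "ExampleLoader", ["DemoDrop"], ["ExampleGroup"]),
    Family("elf.example_bot", "ExampleBot", [], ["ExampleGroup"]),
]

if __name__ == "__main__":
    for q in ("lastconn", "MOLERATS", "examplegroup", "win."):
        print(q, "->", search(INVENTORY, q))
```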
The "status" column shows the current progress of documenting the respective family:
star: how many samples are unpacked/dumped
id card: completeness of metadata documentation
tag: family is covered by a YARA rule
Inventory: Family Details
Clicking a family in the family overview leads to the family details page.
Here, additional information can be read on the respective family.
Among other things, this may include:
Potential aliases known for the given family.
Potential actor groups known to have used this malware family. Further info on the actor can be accessed on the actor details page.
A characterizing description for the malware family.
References (e.g. analysis reports, press coverage) specifying the family.
The possibility to propose changes to some of the information mentioned above.
The family details contain several details on the family.
Inventory: Content Change Proposals
On a family's page, you can also propose a range of changes to augment Malpedia's data.
The categories for which you can propose changes are:
An arbitrary proposal to have content changed (not yet implemented)
Proposing a change works by selecting the respective category and then providing the value and an explanation to support the change proposal.
Before a change proposal is accepted, it has to pass Malpedia's Peer Review process.
For now, we use a double-blind peer review process, in which a proposal has to receive at least two positive (out of three possible) reviews to be accepted. In simple cases, this may be accelerated by requiring a single positive review.
Using RSS/Atom feeds
We offer both RSS and Atom feeds.
However, only the RSS variant will be listed below.
If you would like to use Atom, simply substitute rss with atom inside the corresponding URLs.
The following feeds are currently available:
Latest library entries, sorted by publication date:
or with the following URL extension /feeds/rss/latest
Newest library entries, sorted by addition date:
or with the following URL extension /feeds/rss/newest
In case of questions
Please contact us via email:
ed.refohnuarf.eikf@nnamholp.leinad