telfhash: Hunting IoT elves
Trend Micro ELF Hash (telfhash)
telfhash is a symbol hash for ELF files, just as imphash is an import hash for PE files. It is architecture-agnostic and is computed from the symbols of an ELF file. It can also cluster ELF files that have no symbols, using a creative algorithm of its own. Designed as a Python library, it also ships with a command-line tool that allows malware researchers to correctly group similar ELF files together.
Install
Requirement
telfhash uses TLSH to generate the hash. TLSH must be installed on your system for telfhash to work.
You can install TLSH from here:
The TLSH git repo has detailed instructions on how to compile and install the TLSH binaries and libraries. Don’t forget to also install the TLSH Python library. telfhash uses the TLSH Python library to generate the actual hash.
Install
git clone https://github.com/trendmicro/telfhash.git
cd telfhash
python3 setup.py install
Use
Copyright (C) 2020 trendmicro