## **PoC**

[ClarAVy](https://github.com/FutureComputing4AI/ClarAVy) by [rjoyce](https://github.com/rjjoyce8) seems to surpass https://github.com/malicialab/avclass at this task.

## **Details**

A tool to tag / label malware samples. ClarAVy takes .jsonl files as input, where each line is a JSON VirusTotal report containing antivirus results about a malicious file. ClarAVy tokenizes each antivirus label and identifies the type of each token (i.e. whether it indicates a malicious behavior, file property, etc). Then, it identifies token aliases -- tokens with different spellings but identical meanings (such as bkdr and backdoor). If enough antivirus products output the same token in their labels, it will be included as a tag in the output.

[paper](https://arxiv.org/abs/2310.11706)
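The tokenize, alias and vote steps described above, as an added sketch that is not ClarAVy's code and does not reproduce its token-type identification or alias discovery. Assumptions: each report carries a `scans` map of engine name to `detected`/`result` and a `sha256` field, and the alias table, stop list, engine names, labels and hashes are all constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed alias table (assumption): variant spellings -> canonical token.
ALIASES = {"bkdr": "backdoor", "troj": "trojan", "trj": "trojan"}
# Constructed stop list (assumption): tokens too generic to be useful tags.
GENERIC = {"win32", "w32", "gen", "generic", "agent", "a", "b", "x"}

def tokenize(label):
    """Lowercase an AV label and split it on non-alphanumeric delimiters."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]

def tags_for_report(report, min_votes=2):
    """Return the tokens that at least min_votes AV products agree on."""
    votes = Counter()
    for result in report.get("scans", {}).values():
        label = result.get("result")
        if not result.get("detected") or not label:
            continue  # engine did not flag the file
        # Use a set so each product votes at most once per token.
        tokens = {ALIASES.get(t, t) for t in tokenize(label)}
        votes.update(tokens - GENERIC)
    return sorted(t for t, n in votes.items() if n >= min_votes)

def tag_jsonl(lines, min_votes=2):
    """Map each report's sha256 field to its agreed tags, one JSON report per line."""
    tagged = {}
    for line in lines:
        if line.strip():
            report = json.loads(line)
            tagged[report.get("sha256", "unknown")] = tags_for_report(report, min_votes)
    return tagged

# Constructed sample input: two fake reports, placeholder hashes and engine names.
SAMPLE = [
    json.dumps({"sha256": "placeholder-hash-1", "scans": {
        "EngineA": {"detected": True, "result": "Bkdr.Win32.Fakefam.a"},
        "EngineB": {"detected": True, "result": "Backdoor:Win32/Fakefam.B"},
        "EngineC": {"detected": True, "result": "Trojan.Generic.12345"},
        "EngineD": {"detected": False, "result": None}}}),
    json.dumps({"sha256": "placeholder-hash-2", "scans": {
        "EngineA": {"detected": True, "result": "Troj/Agent-X"},
        "EngineB": {"detected": True, "result": "TRJ.Agent"},
        "EngineC": {"detected": True, "result": "W32.Ransom.Otherfam"}}}),
]

if __name__ == "__main__":
    for sha, tags in tag_jsonl(SAMPLE).items():
        print(sha, tags)
```

Without the alias step, `bkdr` and `backdoor` would each collect a single vote in the first report and neither would reach the threshold.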