vFeed


Tools

Published on May 18th, 2016 | by MaxiSoler

0

Malcom v1.2 Malware Communication Analyzer

Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world.

Malcom can help you:

  • detect central command and control (C&C) servers
  • understand peer-to-peer networks
  • observe DNS fast-flux infrastructures
  • quickly determine if a network artifact is ‘known-bad’

The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.

Malcom was written mostly from scratch, in Python. It uses the following frameworks to work:

  • flask – a lightweight python web framework
  • mongodb – a NoSQL database. It interfaces to python with pymongo
  • redis – An advanced in-memory key-value store
  • d3js – a JavaScript library that produces awesome force-directed graphs (https://github.com/mbostock/d3/wiki/Gallery)
  • bootstrap – a CSS framework that will eventually kill webdesign, but makes it extremely easy to quickly “webize” applications that would only work through a command prompt.

More information: here

Tags: , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑