Automated malware collection (Maltrieve)
Maltrieve
aptitude install python-bs4
Usage
# python ./maltrieve.py -d /tmp/malware/
2013-03-28 13:22:43 -1221842176 Using /tmp/malware/ as dump directory
2013-03-28 13:22:44 -1221842176 Parsing description Host: www.paypal-servcies.com/server/gate.php, IP address: 69.10.52.162, ASN: 19318, Country: US, Description: Zeus drop zone
2013-03-28 13:22:44 -1221842176 Parsing description Host: www.paypal-servcies.com/server/cp.php?m=login, IP address: 69.10.52.162, ASN: 19318, Country: US, Description: Zeus control panel
2013-03-28 13:22:44 -1221842176 Parsing description Host: adilsondocavacoaulasvianet.com/admin/blood-cell-costume, IP address: 200.58.111.26, ASN: 27823, Country: AR, Description: redirects to exploit kit with Google referrer
2013-03-28 13:22:44 -1221842176 Parsing description Host: heilaiqo.garagesport.ch:7354/cont/reprints.php?space=253&features=378&documents=897&students=843&press=355&pubsphoto=24&release=297, IP address: 192.111.144.12, ASN: 31863, Country: US, Description: Sweet Orange exploit kit
[snip]
usage: maltrieve.py [-h] [-p PROXY] [-d DUMPDIR] [-l LOGFILE]

optional arguments:
  -h, --help            show this help message and exit
  -p PROXY, --proxy PROXY
                        Define HTTP proxy as address:port
  -d DUMPDIR, --dumpdir DUMPDIR
                        Define dump directory for retrieved files
  -l LOGFILE, --logfile LOGFILE
                        Define file for logging progress
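The "Parsing description" lines in the log above follow a fixed field layout (Host, IP address, ASN, Country, Description). The script below is an added example, not part of Maltrieve or of the original post: it parses those log lines into records and counts them by country and ASN so you can see where the feed's entries cluster. The hostnames and addresses in the embedded sample log are constructed placeholders from documentation ranges, not real indicators.

```python
import re
from collections import Counter

# Layout of Maltrieve's "Parsing description" log lines as shown on this page.
# The signed number after the timestamp is the logging thread id.
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<thread>-?\d+) "
    r"Parsing description Host: (?P<host>.+?), IP address: (?P<ip>[0-9.]+), "
    r"ASN: (?P<asn>\d+), Country: (?P<country>[A-Z]{2}), Description: (?P<desc>.*)$"
)


def parse_line(line):
    """Return a dict of fields for one description line, or None for other log lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["asn"] = int(rec["asn"])
    return rec


def parse_log(text):
    """Parse a whole log, keeping only the description records."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def summarize(records):
    """Count records by country and ASN, and list the distinct hostnames (port/path stripped)."""
    return {
        "by_country": Counter(r["country"] for r in records),
        "by_asn": Counter(r["asn"] for r in records),
        "hosts": sorted({r["host"].split("/")[0].split(":")[0] for r in records}),
    }


# Constructed sample log; hosts, IPs and ASNs are placeholders, not real indicators.
SAMPLE_LOG = """\
2013-03-28 13:22:43 -1221842176 Using /tmp/malware/ as dump directory
2013-03-28 13:22:44 -1221842176 Parsing description Host: drop.example.invalid/server/gate.php, IP address: 192.0.2.10, ASN: 64496, Country: US, Description: Zeus drop zone
2013-03-28 13:22:44 -1221842176 Parsing description Host: drop.example.invalid/server/cp.php?m=login, IP address: 192.0.2.10, ASN: 64496, Country: US, Description: Zeus control panel
2013-03-28 13:22:44 -1221842176 Parsing description Host: ek.example.invalid:7354/cont/reprints.php?a=1&b=2, IP address: 198.51.100.7, ASN: 64497, Country: AR, Description: Sweet Orange exploit kit
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(r["ip"], r["asn"], r["country"], r["desc"])
    print(summarize(recs))
```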