以前のリビジョンの文書です


マルウェアの自動収集 (Maltrieve)

  • 比較的新しいマルウェアを収集したい場合、以下スクリプトを使用すると便利。

Maltrieve

aptitude install python-bs4

使い方

  • スクリプトを実行するのみ
# python ./maltrieve.py -d /tmp/malware/                                                                                                                                           
2013-03-28 13:22:43 -1221842176 Using /tmp/malware/ as dump directory
2013-03-28 13:22:44 -1221842176 Parsing description Host: www.paypal-servcies.com/server/gate.php, IP address: 69.10.52.162, ASN: 19318, Country: US, Description: Zeus drop zone
2013-03-28 13:22:44 -1221842176 Parsing description Host: www.paypal-servcies.com/server/cp.php?m=login, IP address: 69.10.52.162, ASN: 19318, Country: US, Description: Zeus control panel
2013-03-28 13:22:44 -1221842176 Parsing description Host: adilsondocavacoaulasvianet.com/admin/blood-cell-costume, IP address: 200.58.111.26, ASN: 27823, Country: AR, Description: redirects to exploit kit with Google referrer
2013-03-28 13:22:44 -1221842176 Parsing description Host: heilaiqo.garagesport.ch:7354/cont/reprints.php?space=253&features=378&documents=897&students=843&press=355&pubsphoto=24&release=297, IP address: 192.111.144.12, ASN: 31863, Country: US, Description: Sweet Orange exploit kit
[snip]
usage: maltrieve.py [-h] [-p PROXY] [-d DUMPDIR] [-l LOGFILE]

optional arguments:
  -h, --help            show this help message and exit
  -p PROXY, --proxy PROXY
                        Define HTTP proxy as address:port
  -d DUMPDIR, --dumpdir DUMPDIR
                        Define dump directory for retrieved files
  -l LOGFILE, --logfile LOGFILE
                        Define file for logging progress
malware/maltrieve.1365485897.txt.gz · 最終更新: 2013/04/09 05:38 by kikuzou
 
特に明示されていない限り、本Wikiの内容は次のライセンスに従います: CC Attribution-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki