adulau / Malwareclassifier

Malware Classifier From Network Captures

Malware Classifier From Network Capture

Malware Classifier is a simple free software project written during a four-hour university workshop. The objective of the workshop was to introduce network forensics and simple techniques to classify malware network captures (recorded while the samples were executed in a virtual machine). The software was therefore kept very simple, the point being to use and learn existing tools (networkx, Redis and Gephi) along the way.

Requirements

  • Python 2.7
  • networkx and redis modules (pip install -r REQUIREMENTS)
  • tshark (part of Wireshark)
  • a Redis server

How to use the Malware Classifier

You'll need a set of network packet captures. In the workshop, we used a dataset of more than 5000 pcap files generated by executing malware samples in virtual machines.

...
0580c82f6f90b75fcf81fd3ac779ae84.pcap
05a0f4f7a72f04bda62e3a6c92970f6e.pcap
05b4a945e5f1f7675c19b74748fd30d1.pcap
05b57374486ce8a5ce33d3b7d6c9ba48.pcap
05bbddc8edac3615754f93139cf11674.pcap
...

The filename is the MD5 hash of the malware sample that was executed in the virtual machine; it is used as the identifier of the capture in the Redis data structure and in the graph.

To classify malware communications based on the HTTP Server header of the (potential) C&C traffic, run tshark on every capture and feed the extracted field into import.py (the useless cat in front of tshark was dropped, since tshark reads the file itself via -r; adjust the path to import.py to wherever you checked out the repository):

cd capture
ls -1 . | parallel --gnu "tshark -E header=yes -E separator=, -T fields -e http.server -r {1} | python ./bin/import.py -f {1}"

You can extract any field known to the tshark dissectors (list them with tshark -G fields) by adding further -e options to the command above; each run updates the Redis data structure. Once you have collected enough attributes, dump a graph of the relationships between the attributes and the malware packet captures:

python ./bin/graph.py

graph.py generates a GEXF file that you can import into Gephi.

The output in Gephi can look like this:

a sample graph of clustering per User-Agent of each malware activity
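The following script is an added example, not code from the adulau/Malwareclassifier repository, written in Python 3 rather than the project's Python 2.7. It shows the pipeline above end to end on constructed input: parse the field output tshark prints for each capture, index which samples share which attribute values (an in-memory dict stands in for the Redis sets that import.py fills; the real key layout is not assumed here), score sample pairs by the attributes they share, and render the same attribute/sample relationships as a GEXF file for Gephi. The MD5s and header values are made up, and the parser assumes tshark was run with -E quote=d so a User-Agent containing a comma cannot break the CSV.

```python
#!/usr/bin/env python3
"""Added example: tshark field output -> attribute index -> similarity + GEXF."""
import csv
import io
import xml.etree.ElementTree as ET
from collections import defaultdict
from itertools import combinations

# Constructed input: what `tshark -E header=yes -E separator=, -E quote=d -T fields
# -e http.server -e http.user_agent -r <md5>.pcap` could print for three captures.
# The MD5s and values are made up for this example, not taken from the dataset.
TSHARK_OUTPUT = {
    "0580c82f6f90b75fcf81fd3ac779ae84": (
        "http.server,http.user_agent\n"
        '"nginx","Mozilla/4.0 (compatible; MSIE 6.0)"\n'
        '"",""\n'  # a non-HTTP packet: every requested field is empty
        '"nginx","Mozilla/4.0 (compatible; MSIE 6.0)"\n'
    ),
    "05a0f4f7a72f04bda62e3a6c92970f6e": (
        "http.server,http.user_agent\n"
        '"nginx","Mozilla/4.0 (compatible; MSIE 6.0)"\n'
        '"Apache","Mozilla/4.0 (compatible; MSIE 6.0)"\n'
    ),
    "05b4a945e5f1f7675c19b74748fd30d1": (
        "http.server,http.user_agent\n"
        '"Microsoft-IIS/6.0","Java/1.6.0_07"\n'
    ),
}


def parse_tshark_fields(text):
    """Parse `-E header=yes -E separator=,` output into one dict per packet.

    Empty values (packets where the dissector field is absent) are dropped, so a
    packet without HTTP yields an empty dict and contributes nothing."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: v for k, v in row.items() if v} for row in reader]


def index_captures(outputs):
    """Build the attribute index: "field=value" -> set of sample MD5s.

    Assumption of this example: a plain dict of sets stands in for the Redis
    sets that the project's import.py maintains."""
    index = defaultdict(set)
    for md5, text in outputs.items():
        for packet in parse_tshark_fields(text):
            for field, value in packet.items():
                index["%s=%s" % (field, value)].add(md5)
    return dict(index)


def sample_attributes(index):
    """Invert the index: md5 -> set of attribute keys seen in that capture."""
    by_sample = defaultdict(set)
    for attr, samples in index.items():
        for md5 in samples:
            by_sample[md5].add(attr)
    return dict(by_sample)


def jaccard_similarity(index):
    """Pairwise Jaccard similarity of samples over their attribute sets.

    Pairs sharing nothing are omitted; in a big dataset those are the majority."""
    by_sample = sample_attributes(index)
    scores = {}
    for a, b in combinations(sorted(by_sample), 2):
        shared = by_sample[a] & by_sample[b]
        if shared:
            scores[(a, b)] = len(shared) / len(by_sample[a] | by_sample[b])
    return scores


def to_gexf(index):
    """Render the bipartite sample/attribute graph as GEXF 1.2 for Gephi.

    Attribute nodes shared by several samples are what pulls those samples
    together in a force-directed layout, which is the clustering seen in Gephi."""
    gexf = ET.Element("gexf", xmlns="http://www.gexf.net/1.2draft", version="1.2")
    graph = ET.SubElement(gexf, "graph", mode="static", defaultedgetype="undirected")
    nodes = ET.SubElement(graph, "nodes")
    edges = ET.SubElement(graph, "edges")
    for md5 in sorted(sample_attributes(index)):
        ET.SubElement(nodes, "node", id=md5, label=md5)
    edge_id = 0
    for attr in sorted(index):
        # prefix attribute ids so a header value can never collide with an MD5
        ET.SubElement(nodes, "node", id="attr:" + attr, label=attr)
        for md5 in sorted(index[attr]):
            ET.SubElement(edges, "edge", id=str(edge_id), source=md5, target="attr:" + attr)
            edge_id += 1
    return ET.tostring(gexf, encoding="unicode")


if __name__ == "__main__":
    index = index_captures(TSHARK_OUTPUT)
    for attr, samples in sorted(index.items()):
        print("%-50s %d sample(s)" % (attr, len(samples)))
    for (a, b), score in jaccard_similarity(index).items():
        print("%s ~ %s : %.2f" % (a[:8], b[:8], score))
    with open("malware.gexf", "w") as fh:
        fh.write(to_gexf(index))
```

On this input the first two samples share the nginx Server header and the MSIE User-Agent, so they score 2/3 and end up connected through two attribute nodes in the GEXF, while the third sample only touches its own IIS and Java nodes; with real captures, very common values (a generic Server header) will connect almost everything and are worth filtering before the graph is drawn.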

Redis data structure

An overview of the Redis data structure used in MalwareClassifier

Notes for the student

Check the git log and the individual commits: they record the steps performed during the workshop, especially the successive improvements made to the Python scripts.

Slides of the training session

Classifying malware using network traffic analysis. Or how to learn Redis, git, tshark and Python in 4 hours.
