/Malware-Traffic-Analysis

Malware Traffic Analysis With Python

Primary LanguagePythonGNU Affero General Public License v3.0AGPL-3.0

Malware Traffic Analysis With Python

GitHub license GitHub forks GitHub stars

Malware Traffic Analysis With Python

> A very simple Python script to analyse malicious traffic from malware traffic > In my sample I going to analyze traffic for "Malware Team Up: Malspam Pushing Emotet + Trickbot" for more details about this malware go to: https://unit42.paloaltonetworks.com/unit42-malware-team-malspam-pushing-emotet-trickbot/

Screenshot Of Resultes: alt text

🚀 Behind The Scene:

At first we have to convert PCAP file to json with filter or without by run one of these commands: tshark -2 -R "http.request.method==GET or http.request.method==POST" -r input.pcap -T json >output.json tshark -2 -R "ip.addr==X.X.X.X and http.request.method==GET" -r input.pcap -T json >output.json Sometimes you need to fix json file after running on of above commands. The process is we going to all hosts on HTTP layers and scan them with urlvoid.com for more accuracy try to use paid API from them.

✨ The Accuracy:

Not granted 100%, This project just an idea, and all results based on urlvoid.com.

Author

👤 Iven Leni Fernandez

📝 License

Copyright © 2021 Iven Leni Fernandez.
This project is AGPL-3.0 licensed.