Malcom - Malware Communication Analyzer

Malcom is a Python-based tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world.

It can help you detect central command and control (C&C) servers, understand peer-to-peer networks, observe DNS fast-flux infrastructures, determine if a network artifact is "known-bad" (i.e. it has been flagged as malicious by other websites or sources), and more.
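The two analyses just described, a graph of observed resolutions cross-referenced against a "known-bad" feed and a churn check for fast-flux candidates, as an added example in plain Python. This is not Malcom's own code; the DNS records, the feed contents and the thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample DNS resolutions: (timestamp in seconds, domain, resolved IP).
SAMPLE_DNS = [
    (0,  "update.example-cdn.net", "198.51.100.10"),
    (10, "update.example-cdn.net", "198.51.100.10"),
    (0,  "fluxy.example.org", "203.0.113.5"),
    (5,  "fluxy.example.org", "203.0.113.77"),
    (9,  "fluxy.example.org", "203.0.113.120"),
    (14, "fluxy.example.org", "203.0.113.201"),
    (20, "fluxy.example.org", "203.0.113.9"),
    (3,  "cc.example.org", "192.0.2.44"),
]

# Constructed "known-bad" feed, standing in for the external sources a tool
# like Malcom would pull from (hypothetical values, not real indicators).
KNOWN_BAD = {"192.0.2.44", "fluxy.example.org"}


def build_graph(records):
    """Map each domain to the set of IPs it resolved to: the graph's edges."""
    graph = defaultdict(set)
    for _ts, domain, ip in records:
        graph[domain].add(ip)
    return graph


def known_bad_artifacts(graph, feed):
    """Return every node (domain or IP) of the graph that appears in the feed."""
    nodes = set(graph) | {ip for ips in graph.values() for ip in ips}
    return sorted(nodes & feed)


def fast_flux_candidates(records, min_ips=4, window=60):
    """Flag domains that resolved to at least min_ips distinct IPs inside any
    window of `window` seconds, the churn pattern fast-flux infrastructure shows."""
    by_domain = defaultdict(list)
    for ts, domain, ip in records:
        by_domain[domain].append((ts, ip))
    flagged = []
    for domain, hits in by_domain.items():
        hits.sort()
        for i, (start, _ip) in enumerate(hits):
            ips = {ip for ts, ip in hits[i:] if ts - start <= window}
            if len(ips) >= min_ips:
                flagged.append(domain)
                break
    return sorted(flagged)
```

A domain that is stable over time, such as update.example-cdn.net above, keeps a single edge and is not flagged, while the churning domain is flagged by both the feed lookup and the resolution-churn check.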


Malcom relies on the following frameworks:
  • flask - a lightweight Python web framework
  • mongodb - a NoSQL database; it interfaces with Python through pymongo
  • redis - an advanced in-memory key-value store
  • d3js - a JavaScript library that produces awesome force-directed graphs (https://github.com/mbostock/d3/wiki/Gallery)
  • bootstrap - a CSS framework that will eventually kill web design, but makes it extremely easy to quickly "webize" applications that would otherwise only work through a command prompt.

Note: Don't use it in a production environment where data stability and reliability are a MUST.
