We've long been tracking exploit attempts against web servers, notably CMS hosts, ColdFusion, and vanilla PHP/CGI servers. Of late, we've observed a fairly large increase in PHP exploit attempts. So Symantec's recent report about Linux.Darlloz targeting "the Internet of Things" was of particular interest.

Traffic analysis has been the primary method of malware identification, and the thousands of IDS signatures developed for it are daily proof of that. Signatures definitely help, but the ability to visually recognize malware traffic patterns has always been an important skill for anyone tasked with network defense. The number of malware analysis blogs and papers is overwhelming, and it is difficult to keep track of malware features if you don't have access to a well-designed and constantly updated malware database.

This started as a "personal notes" spreadsheet of GET and POST requests for different malware families, compiled from open sources. We decided others might find it useful too. This list is not meant to be the only way to identify malware families; it is an aid and a reference. We will be adding data from our own research and from online publications.

The references column is a good source of links to malware analyses and resources for the different families. The second tab, "EZ Lookup", offers a more condensed view that allows easier sorting. The Links tab gives a resource list, and the TBD tab holds entries for malware for which we don't have common/public names. The list covers all types of malware: cybercrime, APT and hacktivism.

VIEW OR DOWNLOAD "MALWARE TRAFFIC PATTERNS" SPREADSHEET

To download (you might miss updates if you decide to use a static copy), click on File - Download As in the spreadsheet view. To sort any column, click on View - List. Your sorting will not affect other visitors.

Update: we added the ability to download the corresponding samples and pcaps (when available).
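The spreadsheet described above is essentially a lookup table of request patterns, and the practical use is matching traffic you have captured against it. The following is an added example, not code from the original post or from the spreadsheet's authors: it loads a CSV in the shape such a table might have after File - Download As (the column names are an assumption) and checks raw HTTP requests against the GET/POST patterns. The family names FamilyA/B/C, the regexes, the reference URLs and the sample requests are all constructed for illustration and are not entries from the real spreadsheet.

```python
"""Look up captured HTTP requests in a table of malware traffic patterns.

Added example; not code from the original post or the spreadsheet's authors.
PATTERN_CSV stands in for a File - Download As export of a traffic-pattern
table. Column names, family names (FamilyA/B/C), regexes, URLs and the sample
requests are all constructed for illustration, not real spreadsheet entries.
"""
import csv
import io
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed pattern table (assumed column layout). An empty user_agent_regex
# means "any User-Agent".
PATTERN_CSV = r"""family,method,uri_regex,user_agent_regex,reference
FamilyA,POST,^/gate\.php$,^Mozilla/4\.0 \(compatible; MSIE 6\.0,https://example.invalid/familya
FamilyB,GET,^/[a-z]{6}\.php\?id=\d+$,,https://example.invalid/familyb
FamilyC,GET,^/index\.php\?q=[A-Za-z0-9+/=]+$,^Java/1\.,https://example.invalid/familyc
"""

# Constructed raw HTTP requests, as they might be carved out of a pcap.
SAMPLE_REQUESTS = [
    "POST /gate.php HTTP/1.1\r\nHost: 203.0.113.10\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Content-Length: 64\r\n\r\n",
    "GET /qwerty.php?id=12345 HTTP/1.1\r\nHost: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    # URI fits FamilyC, but the User-Agent does not: must not match.
    "GET /index.php?q=aGVsbG8gd29ybGQ= HTTP/1.1\r\nHost: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
]


@dataclass
class Pattern:
    family: str
    method: str
    uri_regex: "re.Pattern[str]"
    user_agent_regex: Optional["re.Pattern[str]"]
    reference: str


@dataclass
class Request:
    method: str
    uri: str
    user_agent: str


def load_patterns(csv_text: str) -> List[Pattern]:
    """Compile every row of the CSV export into a Pattern."""
    patterns = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ua = row["user_agent_regex"].strip()
        patterns.append(Pattern(
            family=row["family"].strip(),
            method=row["method"].strip().upper(),
            uri_regex=re.compile(row["uri_regex"]),
            user_agent_regex=re.compile(ua) if ua else None,
            reference=row["reference"].strip(),
        ))
    return patterns


def parse_request(raw: str) -> Request:
    """Pull method, request-URI and User-Agent out of a raw HTTP request."""
    lines = raw.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    user_agent = ""
    for line in lines[1:]:
        if line.lower().startswith("user-agent:"):
            user_agent = line.split(":", 1)[1].strip()
    return Request(method.upper(), uri, user_agent)


def match_request(req: Request, patterns: List[Pattern]) -> List[str]:
    """Return the families whose method, URI and (if given) UA pattern all fit."""
    hits = []
    for p in patterns:
        if p.method != req.method or not p.uri_regex.search(req.uri):
            continue
        if p.user_agent_regex and not p.user_agent_regex.search(req.user_agent):
            continue
        hits.append(p.family)
    return hits


def classify(raw_requests: List[str], patterns: List[Pattern]) -> List[Tuple[str, str, List[str]]]:
    """(method, uri, matched families) for each raw request."""
    out = []
    for raw in raw_requests:
        req = parse_request(raw)
        out.append((req.method, req.uri, match_request(req, patterns)))
    return out


if __name__ == "__main__":
    table = load_patterns(PATTERN_CSV)
    for method, uri, families in classify(SAMPLE_REQUESTS, table):
        print(f"{method} {uri} -> {families or 'no match'}")
```

The third sample request is the point of recording both the URI and the User-Agent in the table: its URI alone would fit FamilyC, but the User-Agent constraint rejects it, so the lookup reports no match instead of a false attribution.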