To help me organize files, I decided to make a malware database using the Ruby programming language and SQLite, and named the project Malare.
With Malare I wanted to store malware samples together with the information I care about, and save the binary itself on the filesystem. To begin with I added features to add samples, remove samples and search the database for a keyword. It stores both the database and the samples in ~/Desktop/malare, and the information I wanted to keep in Malare's database is:
- Filename
- Source (where you got it from)
- Domain name of the Command & Control (C&C) server
- IP address of the C&C server (optional)
- Notes (optional)
(Screenshot: Malare's help screen.)
With this tool I can easily keep track of malware samples. One could also make Malare add samples automatically as they are captured by a Dionaea honeypot.
I added two options for displaying what is stored in the database: -l (--list) lists all samples, and -s (--search) searches for samples by md5sum, C&C or filename.
Below is a sanitized view of the --list output; as you can see, I have added a few samples to Malare.
(Screenshot: --list output.)
Below I demonstrate a search by filename.
(Screenshot: --search output.)
I have a few other ideas on how to develop this project further and make analysis easier, but for now it works pretty well. Download the project from https://github.com/eugynon/malare.