
iven86/Malware-Traffic-Analysis


Malware Traffic Analysis With Python


> A very simple Python script to analyse malicious traffic from malware traffic captures.
>
> In my sample I am going to analyze traffic for "Malware Team Up: Malspam Pushing Emotet + Trickbot". For more details about this malware, go to: https://unit42.paloaltonetworks.com/unit42-malware-team-malspam-pushing-emotet-trickbot/


🚀 Behind The Scene:

First, convert the PCAP file to JSON, with or without a filter, by running one of these commands:

```
tshark -2 -R "http.request.method==GET or http.request.method==POST" -r input.pcap -T json >output.json
tshark -2 -R "ip.addr==X.X.X.X and http.request.method==GET" -r input.pcap -T json >output.json
```

Sometimes you need to fix the JSON file after running one of the above commands.

The script then goes through all hosts in the HTTP layers and scans them with urlvoid.com. For more accuracy, try using their paid API.
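The host-collection step described above, as an added example (not this repository's script): it walks the tshark JSON, pulls every `http.host` value out of the HTTP layer, and groups requests per host so each host only needs one reputation lookup. The sample packets are constructed, the `_source.layers` layout is assumed from tshark's `-T json` output, and the function names are hypothetical; the urlvoid.com lookup itself is left out.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields used; layout assumed from `tshark -T json`.
SAMPLE = r'''[
 {"_source": {"layers": {"ip": {"ip.src": "10.0.0.5"}, "http": {
   "GET /invoice.doc HTTP/1.1\\r\\n": {"http.request.method": "GET"}, "http.host": "Example.test"}}}},
 {"_source": {"layers": {"ip": {"ip.src": "10.0.0.5"}, "http": {
   "POST / HTTP/1.1\\r\\n": {"http.request.method": "POST"}, "http.host": "198.51.100.7:8080"}}}},
 {"_source": {"layers": {"ip": {"ip.src": "10.0.0.9"}, "http": [{
   "GET /a HTTP/1.1\\r\\n": {"http.request.method": "GET"}, "http.host": "example.test"}]}}},
 {"_source": {"layers": {"ip": {"ip.src": "10.0.0.5"}}}}
]'''

def find_field(node, name):  # yield every value stored under key `name`, at any depth
    if isinstance(node, list):
        for item in node:
            yield from find_field(item, name)
    elif isinstance(node, dict):
        for key, value in node.items():
            hit = value if isinstance(value, list) else [value]
            yield from hit if key == name else find_field(value, name)

def normalize_host(raw):  # lower-case a Host header value and drop any :port suffix
    host = raw.strip().lower().rstrip(".")
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:8080
        return host.split("]")[0] + "]"
    return host.split(":")[0] if host.count(":") == 1 else host

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host.strip("[]")) is not None
    except ValueError:
        return False

def extract_hosts(tshark_json):  # host -> request count, methods, client IPs, IP flag
    hosts = {}
    for packet in json.loads(tshark_json):
        layers = packet.get("_source", {}).get("layers", {})
        http = layers.get("http")  # missing for non-HTTP packets; may be a dict or a list
        for raw in find_field(http, "http.host"):
            if isinstance(raw, str) and raw.strip():
                name = normalize_host(raw)
                rec = hosts.setdefault(name, {"requests": 0, "methods": set(),
                                              "clients": set(), "ip_literal": is_ip_literal(name)})
                rec["requests"] += 1
                rec["methods"].update(find_field(http, "http.request.method"))
                rec["clients"].update(find_field(layers.get("ip"), "ip.src"))
    return hosts
```

Hosts flagged `ip_literal` are requests made straight to an IP address rather than a domain name, which are worth reviewing separately from the domain results.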

✨ The Accuracy:

Accuracy is not guaranteed to be 100%. This project is just an idea, and all results are based on urlvoid.com.

Author

👤 Iven Leni Fernandez

📝 License

Copyright © 2021 Iven Leni Fernandez.
This project is AGPL-3.0 licensed.