Dionaea exploit analysis
We’ll using python bundled with Dionaea:
It will open a python console. Enter the code below line by line:
It will produce test.bin file in /tmp/ folder.
Now we analyze it and dump the output to another file:
You should see something like this:
As you can see, the malicious URL is hxxp://184.108.40.206:8147/kcfl
Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including:
Malware Black List
Malware Domain List
If you want to install maltrieve on your Mac OS X, below is the steps to install it.
- First, install beautifulsoup4 via pip
- Install required dependencies via apt-get
- Download maltrieve from github
Done. Now you can use the maltrieve on you Mac OS X.