Malcom v1.2 Malware Communication Analyzer
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world.
Malcom can help you:
- detect central command and control (C&C) servers
- understand peer-to-peer networks
- observe DNS fast-flux infrastructures
- quickly determine if a network artifact is ‘known-bad’
The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
Malcom was written mostly from scratch, in Python. It is built on the following frameworks:
- flask – a lightweight Python web framework
- mongodb – a NoSQL database. It interfaces with Python through pymongo
- redis – An advanced in-memory key-value store
- d3js – a JavaScript library that produces awesome force-directed graphs (https://github.com/mbostock/d3/wiki/Gallery)
- bootstrap – a CSS framework that will eventually kill webdesign, but makes it extremely easy to quickly “webize” applications that would only work through a command prompt.
More information: here
Download Malcom v1.2: https://github.com/tomchop/malcom