Malware Hunter is a tool for finding command and control servers
Shodan and Recorded Future have launched a search engine for discovering the command and control servers behind malware that builds large botnets and turns your computer into a zombie. The release is called Malware Hunter, and the new tool is integrated into Shodan, a search engine for discovering devices connected to the Internet.
Malware Hunter is based on search bots that crawl the Internet to find computers that serve as a command and control server for a botnet. To trick a command and control server into revealing its location, the search bot sends several predefined requests that impersonate an infected computer reporting to the command and control server. If the scanned computer responds, Malware Hunter records the IP and makes it available through the Shodan interface.
Each of the two companies behind Malware Hunter has its own role: Shodan provides the ability to probe each Internet IP address quickly and efficiently, while Recorded Future contributes the technical information needed to mimic infected computers (malware bots).
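Once controller IPs are recorded this way, a defender can match them against egress logs to find internal hosts that contacted one. The code below is an added example, not code from Shodan or Recorded Future; the record layout (JSON lines with `ip_str`, `port`, `product`), the log format and every address in it are constructed assumptions.

```python
import ipaddress
import json

# Constructed records with assumed fields ip_str, port, product;
# the addresses are documentation ranges, not real controllers.
C2_RECORDS = """
{"ip_str": "203.0.113.10", "port": 1604, "product": "DarkComet"}
{"ip_str": "198.51.100.77", "port": 5552, "product": "njRAT"}
{"ip_str": "not-an-ip", "port": 80, "product": "Poison Ivy"}
"""

# Constructed egress log lines: timestamp src_ip dst_ip dst_port action
EGRESS_LOG = """
2017-05-02T10:01:12Z 10.0.4.21 203.0.113.10 1604 ALLOW
2017-05-02T10:01:15Z 10.0.4.22 192.0.2.50 443 ALLOW
2017-05-02T10:02:40Z 10.0.7.9 198.51.100.77 5552 DENY
2017-05-02T10:03:02Z 10.0.4.21 203.0.113.10 443 ALLOW
malformed line
"""

def load_c2_index(jsonl):
    """Map controller IP -> {port: RAT family}, skipping invalid addresses."""
    index = {}
    for line in jsonl.strip().splitlines():
        rec = json.loads(line)
        try:
            ip = ipaddress.ip_address(rec["ip_str"])
        except ValueError:
            continue
        index.setdefault(ip, {})[int(rec["port"])] = rec["product"]
    return index

def find_c2_contacts(log_text, index):
    """Return one hit per log line whose destination is a listed controller."""
    hits = []
    for line in log_text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # line does not match the assumed log format
        ts, src, dst, port, action = parts
        try:
            ip, port = ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue
        services = index.get(ip)
        if services:  # "exact" is False when only the IP matches, not the port
            hits.append({"time": ts, "host": src, "c2": dst, "port": port,
                         "exact": port in services, "action": action,
                         "families": sorted(services.values())})
    return hits
```

A hit with `action` set to `ALLOW` means the connection left the network, so that host is the first one to triage; an IP-only match (`exact` false) is weaker evidence because the address may host other services.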
“This methodology is the first one used by Shodan to locate Remote Access Trojan (RAT) controllers before the malware samples are found,” said Levi Gundert, vice president of Intelligence and Strategy at Recorded Future. “Doing it this way, performing signature scans for the RAT IP address controller, observing malware through our API and correlating across a variety of sources, we are able to locate RAT drivers before the associated malware starts to scatter or compromise the target victims,” he continued.
The technical details behind the process of searching for and identifying command and control servers are available in this 15-page report published by Recorded Future.
Malware Hunter already identifies a large number of RAT command and control servers
The Malware Hunter engine already comes with support for identifying a variety of command and control servers used for RATs, such as Dark Comet, njRAT, Poison Ivy and Ghost RAT, plus others.
In the future, the Malware Hunter search engine is expected to be able to discover other types of malware related to botnets, such as backdoor Trojans, cybersquatting malware, cryptominers, and malware used to perform DDoS attacks.