Maltrail - Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g.
zvpprsensinaix.com
for Banjori malware), URL (e.g. http://109.162.38.120/harsh02.exe
for known malicious executable), IP address (e.g. 185.130.5.231
for known attacker) or HTTP User-Agent header value (e.g. sqlmap
for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
Post a Comment