Tuesday, October 28, 2008

Maltego Malware Domain List Transforms

Not much hype about the release, but the Paterva crew has introduced some really useful transforms for Maltego that utilize the Malware Domain List database.

"We've created a transform application server for integration with the MalwareDomainList.com DB. If you want to see how it works you can download the Community Edition of Maltego (if you don't have it already) from http://www.paterva.com/maltego/.

Once you have it running you should go to Tools -> Manage transforms and click on Discover Transforms.
You can now add a new discovery server with name "MALTAS" and URL http://ctas.paterva.com/MALTAS.xml"

http://www.malwaredomainlist.com/forums/index.php?topic=1938.0

Screenshot!

Pretty handy when all you have is a possibly bad IP and you want to see if it is already on the "bad boy" list. Being able to see the URL serving up the malware is handy too, so you can grab it for analysis.

2 comments:

  1. Good stuff... I have to check this out in the morning... Have you played with developing your own transforms yet? I hear that with the new version writing your own transforms will be easier.

  2. I want to, but there doesn't seem to be a clear way to stand up your own TAS or a good tutorial to write some. If you have or find that stuff, please let me know.
