Malcom – Malware Communication Analyzer

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how a given malware family tries to communicate with the outside world.


The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.

Malcom can help you:

  • Quickly determine if a host, IP, or URL is "known-bad" (i.e. it has been flagged as malicious by other websites or sources).
  • Get some intelligence on what relates two different elements. For example, you could see that several different hosts point to the same IP address (or small AS), which has been seen in previous attacks. You might also find that those same hosts were registered by three different email addresses, which have in turn been seen in phishing kits.
  • Get a detailed overview of the kind of network traffic patterns a host is displaying. Is it pinging specific IP addresses? Is it sending SMTP traffic? Is it part of a botnet? What kind of C&C infrastructure is being used?
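To make the "what relates two elements" idea concrete, here is a small, self-contained Python example (added here; it is not Malcom's own code and does not use its data model). It builds an indicator graph from constructed passive-DNS observations and WHOIS-style registrant records, checks each indicator against a constructed known-bad feed, and then finds pivot points (an IP or registrant email shared by several hosts) and the shortest chain linking two indicators. All hostnames, IPs, emails and feed entries below are made up for illustration.

```python
"""Tiny indicator graph: link hosts, IPs and registrant emails, flag known-bad
nodes, and pivot on shared infrastructure.  Added example, not Malcom's code;
every record below is constructed for illustration."""
from collections import defaultdict, deque

# Constructed passive-DNS observations: (hostname, resolved IP).
OBSERVED_DNS = [
    ("update-check.example", "203.0.113.10"),
    ("cdn-assets.example", "203.0.113.10"),
    ("login-verify.example", "203.0.113.10"),
    ("mail.corp.example", "198.51.100.7"),
]

# Constructed WHOIS-style data: hostname -> registrant email.
REGISTRANTS = {
    "update-check.example": "ops@reg-one.example",
    "cdn-assets.example": "ops@reg-one.example",
    "login-verify.example": "ops@reg-one.example",
    "mail.corp.example": "it@corp.example",
}

# Constructed "known-bad" feed: indicator -> source that flagged it.
KNOWN_BAD = {
    "203.0.113.10": "constructed-blocklist",
    "ops@reg-one.example": "constructed-phishing-kit-report",
}

HOSTS = {h for h, _ in OBSERVED_DNS}


def build_graph(dns, registrants):
    """Undirected adjacency: each indicator maps to the set of indicators it
    is directly linked to (host<->IP, host<->registrant email)."""
    graph = defaultdict(set)
    for host, ip in dns:
        graph[host].add(ip)
        graph[ip].add(host)
    for host, email in registrants.items():
        graph[host].add(email)
        graph[email].add(host)
    return graph


def is_known_bad(indicator, feed=KNOWN_BAD):
    """Return the flagging source for an indicator, or None if it is clean."""
    return feed.get(indicator)


def tainted_hosts(graph, hosts, feed=KNOWN_BAD):
    """Hosts that are known-bad themselves or directly touch a known-bad
    indicator, with the sorted list of reasons for each."""
    out = {}
    for h in sorted(hosts):
        reasons = sorted(n for n in graph[h] | {h} if n in feed)
        if reasons:
            out[h] = reasons
    return out


def pivots(graph, hosts, min_hosts=2):
    """Non-host indicators (IPs, emails) shared by at least min_hosts hosts:
    the 'several hosts point to the same IP / same registrant' case."""
    return {n: sorted(graph[n]) for n in graph
            if n not in hosts and len(graph[n]) >= min_hosts}


def related(graph, a, b, max_hops=2):
    """Shortest chain of indicators linking a to b within max_hops edges
    (breadth-first search), or None if no such chain exists."""
    queue = deque([(a, [a])])
    seen = {a}
    while queue:
        node, path = queue.popleft()
        if node == b:
            return path
        if len(path) - 1 >= max_hops:
            continue
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    g = build_graph(OBSERVED_DNS, REGISTRANTS)
    print("tainted:", tainted_hosts(g, HOSTS))
    print("pivots:", pivots(g, HOSTS))
    print("chain:", related(g, "update-check.example", "login-verify.example"))
```

With the constructed data, three of the four hosts are tainted because they resolve to the blocklisted IP and share the registrant email seen in a phishing kit, while `mail.corp.example` has no chain to any of them. The `max_hops` cap matters in practice: on a real graph, almost everything is connected to everything within a few hops through large shared hosters, so a short chain is evidence, a long one is not.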

You can read more and download this tool over here: https://github.com/tomchop/malcom
