Malware Archive

Displaying Shadowserver Data with Maltego

By Ned Moran

One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

With the help of our friend Keith Gilbert (Keith@digital4renscis.com) we released a transform that leverages one of our public APIs. The transform will allow Maltego users to pivot off MD5s and incorporate AV scan results into their graphs. This transform will appear as ‘Shadowserver_AVScan’ in your Maltego application.

ss_av_scan

In the example illustrated above, we passed the hashes plotted on our Maltego graph to Shadowserver’s Public API. The AV scan results returned in response to our query show that at least one of these hashes (3d52994e2e0beb98fa0cdb46be07980a) was detected by multiple vendors as ‘Dishigy’. Dishigy is an AV detection name for the DDOS bot known in the underground as Dirt Jumper.

This transform can be used to add context to your Maltego graphs as it helps you identify the malware displayed in your graph.

We will continue to explore new and interesting ways to deliver our data and as always we welcome your suggestions.