Malware Hunter is a tool for finding command and control servers
Shodan and Recorded Future yesterday launched a search engine for discovering the command and control servers that run the malware behind botnets. Called Malware Hunter, the new tool is integrated into Shodan, the search engine for Internet-connected devices.
Malware Hunter relies on crawlers that scan the Internet for computers acting as the command and control server of a botnet. To trick a command and control server into revealing itself, the crawler sends several predefined requests that impersonate an infected computer checking in with its controller. If the scanned computer answers the check-in, Malware Hunter records its IP address and makes it available through the Shodan interface.
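The check-in trick described above, as an added example that is not part of the original article and not Shodan's or Recorded Future's code: a minimal probe engine that sends a fake "infected host" beacon to a target and only reports a controller when the answer matches a protocol-specific signature. The two signatures, the probe bytes and the response patterns are all constructed for this example and are not the real DarkComet, njRAT, Poison Ivy or Gh0st handshakes; a throwaway in-process TCP listener stands in for a live C2 so the example runs offline.

```python
import socket
import threading
from typing import Callable, Dict, Optional

# Hypothetical signatures, constructed for this example. Each entry carries the
# fake check-in an infected host would send and a predicate on the first bytes
# a real controller of that family would answer with. Real signatures come from
# analysing malware samples; none of the bytes below belong to a real RAT.
SIGNATURES: Dict[str, dict] = {
    "example-rat-a": {
        "probe": b"HELLO|victim-01|1.0\n",
        "match": lambda data: data.startswith(b"ACK|"),
    },
    "example-rat-b": {
        "probe": b"\x00\x00\x00\x05BEACN",
        "match": lambda data: len(data) >= 4 and data[:4] == b"\x00\x00\x00\x02",
    },
}


def probe_host(host: str, port: int, probe: bytes,
               match: Callable[[bytes], bool], timeout: float = 3.0) -> bool:
    """Connect, send the fake check-in, read up to 1 KiB, apply the matcher.

    Any network failure (refused, timeout, reset) counts as 'no match' so a dead
    host cannot stall a scan. An open port on its own is never a hit: the reply
    must satisfy the family's signature, which keeps false positives down."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(probe)
            data = s.recv(1024)
    except OSError:
        return False
    return bool(data) and match(data)


def identify_controller(host: str, port: int,
                        signatures: Dict[str, dict] = SIGNATURES) -> Optional[str]:
    """Try each signature against host:port; return the first family whose
    controller answered, or None if nothing matched."""
    for family, sig in signatures.items():
        if probe_host(host, port, sig["probe"], sig["match"]):
            return family
    return None


def start_fake_controller(response: bytes) -> int:
    """Start a throwaway local listener that answers every connection with
    `response` (stand-in for a real server on the Internet). Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.recv(1024)          # swallow the probe
                    conn.sendall(response)   # reply like a controller (or not)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo() -> Dict[str, Optional[str]]:
    """Scan a constructed 'controller' and a constructed unrelated service."""
    live = start_fake_controller(b"ACK|cmd:idle\n")                     # talks like family A
    other = start_fake_controller(b"HTTP/1.0 400 Bad Request\r\n\r\n")  # any open port, no match
    return {
        "live": identify_controller("127.0.0.1", live),
        "unrelated": identify_controller("127.0.0.1", other),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties of the probe matter in practice: it must be inert (a real check-in that makes the controller queue commands or register a bot would change state on a system the scanner does not own), and the matcher must key on the controller's protocol response rather than on the port being open, otherwise every web server on a RAT's default port becomes a false hit.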
Each of the two companies behind Malware Hunter plays a role. Shodan provides the ability to scan every Internet IP address quickly and efficiently, while Recorded Future contributes the technical details needed to mimic infected computers (malware bots).
"This methodology is the first one used by Shodan to locate Remote Access Trojan (RAT) controllers before the malware samples are found," said Levi Gundert, vice president of Intelligence and Strategy at Recorded Future. "By doing it this way, performing signature scans for RAT controller IP addresses, observing malware through our API and correlating across a variety of sources, we are able to locate RAT controllers before the associated malware begins to spread or compromise the targeted victims," he continued.
The technical details behind the process of searching for and identifying command and control servers can be consulted in this 15-page report published by Recorded Future.
MALWARE HUNTER ALREADY IDENTIFIES A LARGE NUMBER OF RAT COMMAND AND CONTROL SERVERS
The Malware Hunter engine already ships with support for identifying the command and control servers of several RAT families, such as Dark Comet, njRAT, Poison Ivy and Ghost RAT, among others.
In the future, the Malware Hunter search engine is expected to be able to discover other types of botnet-related malware, such as backdoor Trojans, cybersquatting malware, cryptominers and DDoS malware.