felmoltor

Automated download of malware samples from malwaredomainlist

Aug 14th, 2014
# With these two lines of bash you will download the latest malware samples extracted from the public lists of www.malwaredomainlist.com
# and automatically submit the live samples (checking whether the response was an executable or not) to totalhash.com (contributing to
# the community) and obtain the detection rate of each sample from VirusTotal (virustotal.com).
# As a result you'll get a bunch of executable files and their detection rates in the log "output.virustotal.txt".

# Download all the samples detected and listed in the public CSV of mdl.com
# Each list entry is handed to bash as a positional argument ("$1") instead of being pasted into the
# command string, so shell metacharacters in an entry are never interpreted as code.
$ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E "\.exe$|\.so$|\.bin$|\.src$|\.pdf$|\.docx$|\.vb$|\.sh$" | xargs -I% bash -c 'echo "Downloading: $1" && curl -s -O -- "$1"' _ % | tee "$(date +%Y%m%d_%H%M)_malware_download.log"

# Upload the downloaded samples to totalhash.com and query virustotal.com with their MD5 checksums to obtain the detection ratio
# "Archivo no encontrado" / "Detecciones:" are the Spanish strings ("File not found" / "Detections:") matched in the /es/ results page
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "$1:" && curl -s -T "$1" http://totalhash.com/upload.php' _ % | xargs -I% bash -c 'echo -n "$1:" && curl -o "$1.virustotal.html" -s --location --data "query=$(echo "$1" | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" "$1.virustotal.html" | grep -E "Archivo no encontrado| / " ' _ % | tee "$(date +%Y%m%d_%H%M)_output.virustotal.txt"

# Delete the HTML responses (error and default pages) from the servers where the samples were not present
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "text/html"  | cut -f1 -d: | xargs -I% rm -- %

# ---------------------------------#
# Sample output will be like this: #
#----------------------------------#

$ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E "\.exe$|\.so$|\.bin$|\.src$|\.pdf$|\.docx$|\.vb$|\.sh$" | xargs -I% bash -c 'echo "Downloading: $1" && curl -s -O -- "$1"' _ % | tee "$(date +%Y%m%d_%H%M)_malware_download.log"
Downloading: img001.com/business/qiji.exe
Downloading: root.mcs-katwijk.nl/ws/amd.exe
Downloading: root.mcs-katwijk.nl/ws/nvm.exe
Downloading: root.mcs-katwijk.nl/ws/cpu.exe
Downloading: root.mcs-katwijk.nl/ws/ws.exe
Downloading: root.mcs-katwijk.nl/ws/kl.exe
Downloading: oprahsearch.com/scripts/net19.exe
Downloading: oprahsearch.com/scripts/brez251.exe
Downloading: www.doctor-alex.com/files/SetupDrAlex.exe
Downloading: appline.ieguide.co.kr/e1guide/popguide/E1PopGuide_20080619_Update.exe
Downloading: appline.ieguide.co.kr/e1guide/lineguide/e1lineguide_20080619_update2.exe
Downloading: afa15.com.ne.kr/media/videoxxx.avi.exe
Downloading: fgawegwr.chez.com/images/1273471091.exe
Downloading: update.onescan.co.kr/setupa/onescansetup.exe
[...]

$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "$1:" && curl -s -T "$1" http://totalhash.com/upload.php' _ % | xargs -I% bash -c 'echo -n "$1:" && curl -o "$1.virustotal.html" -s --location --data "query=$(echo "$1" | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" "$1.virustotal.html" | grep -E "Archivo no encontrado| / " ' _ % | tee "$(date +%Y%m%d_%H%M)_output.virustotal.txt"
qiji.exe:8c4144589bd542046aca7229dded3e99:            5 / 54
amd.exe:0c1b2bb3a808301c87f02970dfdf828f:            30 / 53
nvm.exe:7b438e71aac0224766f4e6e9d04147e3:            27 / 54
cpu.exe:24799bae20df7850e81bb36adf13cef1:            39 / 54
ws.exe:5fae317760cf61c9b40201c790decd33:            34 / 53
kl.exe:851a3d758e2aa621fbab184e802e2d38:            38 / 54
SetupDrAlex.exe:7b1e81bfd59e2d74f0477df2e24aaf2a:            6 / 53
videoxxx.avi.exe:d063231de7971de04f2e77c337eaee7a:            46 / 54
1273471091.exe:b38b466361fda8b62122cab856fba490:            49 / 53
onescansetup.exe:3354003da992fcc19cd60322ed2b612f:            31 / 54
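
Added example, not part of the original paste: a helper that reads the `*_output.virustotal.txt` log in the `name:md5: N / M` format shown above and ranks samples by detection percentage, flagging poorly detected ones. The function names, the 25% default threshold and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: summarise a *_output.virustotal.txt log (format "name:md5:   N / M").

# Constructed sample input (placeholder hashes, not real indicators).
sample_log() {
  cat <<'EOF'
sample_a.exe:00000000000000000000000000000001:            5 / 54
sample_b.exe:00000000000000000000000000000002:            30 / 53
odd:name.exe:0000000000000000000000000000000A:            49 / 53
sample_d.exe:00000000000000000000000000000004:Archivo no encontrado
EOF
}

# vt_summary [THRESHOLD_PERCENT] < log
# Prints tab-separated "percent  hits/engines  md5  name  flag", lowest detection first.
# Lines that do not end in a valid "N / M" ratio after a 32-hex-digit MD5 are kept and
# marked UNPARSED (percent -1), so not-found samples are never silently dropped.
vt_summary() {
  awk -v thr="${1:-25}" '
    NF == 0 { next }
    {
      # A file name may contain ":", so take the last two fields as md5 and ratio.
      n = split($0, f, ":")
      ratio = f[n]; md5 = tolower(f[n-1])
      name = f[1]; for (i = 2; i <= n - 2; i++) name = name ":" f[i]
      gsub(/[ \t]/, "", ratio)
      ok = (n >= 3 && length(md5) == 32 && md5 !~ /[^0-9a-f]/ && ratio ~ /^[0-9]+\/[0-9]+$/)
      if (ok) { split(ratio, r, "/"); ok = (r[2] + 0 > 0 && r[1] + 0 <= r[2] + 0) }
      if (!ok) { printf "-1\t-\t-\t%s\tUNPARSED\n", $0; next }
      pct = int(r[1] * 100 / r[2])
      printf "%d\t%d/%d\t%s\t%s\t%s\n", pct, r[1], r[2], md5, name, (pct < thr + 0 ? "LOW" : "ok")
    }' | sort -t "$(printf '\t')" -k1,1n
}

# Stand-alone run on the constructed sample.
sample_log | vt_summary 25
```

Against a real log, run `vt_summary 25 < 20140814_1200_output.virustotal.txt` (file name constructed); rows marked `LOW` or `UNPARSED` are the ones worth analysing by hand first.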