- # With these two lines of bash you will download the latest malware samples listed in the public lists of www.malwaredomainlist.com,
- # automatically submit the samples that are still alive (checked by whether the response was an executable or not) to totalhash.com
- # (contributing to the community), and obtain each sample's detection rate from VirusTotal (virustotal.com).
- # As a result you'll get a bunch of executable files and their detection rates in the log "output.virustotal.txt".
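- # Download all the samples detected and listed in the public CSV of mdl.com.
- # The CSV is third-party data, so each URL taken from it is handed to the inner bash as the
- # positional argument $1 (the "_" fills $0) instead of being spliced into the script text;
- # shell metacharacters inside a listed URL are then printed and fetched, never interpreted.
- # "--" keeps curl from reading a URL that begins with "-" as an option.
- # curl -O stores each response in the current directory under the URL's last path component,
- # so run this from a dedicated working directory: the files written there are live samples.
- # tee records the "Downloading: <url>" lines in a timestamped log that the later steps read.
- $ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E '\.(exe|so|bin|src|pdf|docx|vb|sh)$' | xargs -I% bash -c 'echo "Downloading: $1" && curl -s -O -- "$1"' _ % | tee "$(date +%Y%m%d_%H%M)_malware_download.log"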
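- # Upload the downloaded samples to totalhash.com and query virustotal.com with its MD5 checksum to obtain the detection ratio.
- # 1. Read the newest *_malware_download.log (ls -tr puts it last) and reduce every logged URL
- #    to its last path component, which is the local file name curl -O used.
- # 2. Keep only the files whose "file --mime-type" output contains "application".
- # 3. Upload each one with curl -T and print "<name>:" followed by the totalhash response body.
- # 4. For each "<name>:<response>" line, send the second colon-separated field as the VirusTotal
- #    search query, save the reply as "<line>.virustotal.html" and grep the detection ratio out of
- #    it. The patterns are Spanish because the /es/ search page is queried.
- # File names come from remote URLs and the totalhash reply arrives over plain http, so both are
- # untrusted: they are passed to the inner bash as $1 and always quoted, never pasted into the
- # script text. The listing is taken from "ls -tr" directly instead of field 9 of "ls -l", whose
- # position depends on the date format in use.
- $ cat "$(ls -tr *_malware_download.log | tail -n1)" | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file --mime-type -- % | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "$1:" && curl -s -T "$1" http://totalhash.com/upload.php' _ % | xargs -I% bash -c 'echo -n "$1:" && curl -o "$1.virustotal.html" -s --location --data "query=$(echo "$1" | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" "$1.virustotal.html" | grep -E "Archivo no encontrado| / " ' _ % | tee "$(date +%Y%m%d_%H%M)_output.virustotal.txt"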
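- # Delete the HTML responses (error and default pages) from the servers where the samples were not present.
- # Takes the file names from the newest *_malware_download.log, keeps those that
- # "file --mime-type" reports as text/html, and removes them.
- # "--" ends option parsing, so a name derived from a URL that starts with "-" is treated as a
- # file by file and rm, not as a flag.
- $ cat "$(ls -tr *_malware_download.log | tail -n1)" | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file --mime-type -- % | grep "text/html" | cut -f1 -d: | xargs -I% rm -- %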
- # ---------------------------------#
- # Sample output will be like this: #
- #----------------------------------#
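- # Download step: each listed URL reaches the inner bash as $1 (quoted), so nothing in the
- # third-party CSV is evaluated as shell code; the "Downloading:" lines below are its output.
- $ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E '\.(exe|so|bin|src|pdf|docx|vb|sh)$' | xargs -I% bash -c 'echo "Downloading: $1" && curl -s -O -- "$1"' _ % | tee "$(date +%Y%m%d_%H%M)_malware_download.log"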
- Downloading: img001.com/business/qiji.exe
- Downloading: root.mcs-katwijk.nl/ws/amd.exe
- Downloading: root.mcs-katwijk.nl/ws/nvm.exe
- Downloading: root.mcs-katwijk.nl/ws/cpu.exe
- Downloading: root.mcs-katwijk.nl/ws/ws.exe
- Downloading: root.mcs-katwijk.nl/ws/kl.exe
- Downloading: oprahsearch.com/scripts/net19.exe
- Downloading: oprahsearch.com/scripts/brez251.exe
- Downloading: www.doctor-alex.com/files/SetupDrAlex.exe
- Downloading: appline.ieguide.co.kr/e1guide/popguide/E1PopGuide_20080619_Update.exe
- Downloading: appline.ieguide.co.kr/e1guide/lineguide/e1lineguide_20080619_update2.exe
- Downloading: afa15.com.ne.kr/media/videoxxx.avi.exe
- Downloading: fgawegwr.chez.com/images/1273471091.exe
- Downloading: update.onescan.co.kr/setupa/onescansetup.exe
- [...]
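- # Upload and lookup step: file names and the totalhash reply are passed to the inner bash as $1
- # and quoted. Each output line below is "<file name>:<totalhash response>: <detections> / <engines>".
- $ cat "$(ls -tr *_malware_download.log | tail -n1)" | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file --mime-type -- % | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "$1:" && curl -s -T "$1" http://totalhash.com/upload.php' _ % | xargs -I% bash -c 'echo -n "$1:" && curl -o "$1.virustotal.html" -s --location --data "query=$(echo "$1" | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" "$1.virustotal.html" | grep -E "Archivo no encontrado| / " ' _ % | tee "$(date +%Y%m%d_%H%M)_output.virustotal.txt"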
- qiji.exe:8c4144589bd542046aca7229dded3e99: 5 / 54
- amd.exe:0c1b2bb3a808301c87f02970dfdf828f: 30 / 53
- nvm.exe:7b438e71aac0224766f4e6e9d04147e3: 27 / 54
- cpu.exe:24799bae20df7850e81bb36adf13cef1: 39 / 54
- ws.exe:5fae317760cf61c9b40201c790decd33: 34 / 53
- kl.exe:851a3d758e2aa621fbab184e802e2d38: 38 / 54
- SetupDrAlex.exe:7b1e81bfd59e2d74f0477df2e24aaf2a: 6 / 53
- videoxxx.avi.exe:d063231de7971de04f2e77c337eaee7a: 46 / 54
- 1273471091.exe:b38b466361fda8b62122cab856fba490: 49 / 53
- onescansetup.exe:3354003da992fcc19cd60322ed2b612f: 31 / 54