Author: Vitali Kremez @VK_intel
Source: https://www.virustotal.com
Goal: Visualize and analyze all recent Mirai DDoS malware submissions on VirusTotal
Steps:
(1) Pull all of the recent Mirai malware submissions from VirusTotal, identified by the YARA signature;
(2) Push the data to ELK (Elasticsearch, Logstash, and Kibana); and
(3) Create a custom timeline dashboard with all the most recent Mirai malware hashes.
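The pipeline in steps (1) to (3), as an added Python example that is not from the original note: it normalises VirusTotal-style hits (constructed sample records with placeholder hashes) into Elasticsearch bulk documents keyed by md5 and aggregates them into the per-day counts the Kibana timeline plots. The index name `vt-mirai`, the record field names and the `first_seen` layout are assumptions.

```python
import json
from collections import Counter
from datetime import datetime, timezone

VT_TIME_FMT = "%Y-%m-%d %H:%M:%S"  # assumed layout of VirusTotal's first_seen field
INDEX = "vt-mirai"                 # assumed Elasticsearch index behind the Kibana dashboard
HEX = set("0123456789abcdef")

# Constructed sample of what a YARA-tagged VirusTotal pull might return.
# The hashes are placeholders, not real Mirai samples.
SAMPLE_HITS = [
    {"md5": "a1" * 16, "sha256": "b2" * 32, "first_seen": "2016-11-28 12:49:26", "rule": "Mirai"},
    {"md5": "c3" * 16, "sha256": "d4" * 32, "first_seen": "2016-11-29 20:45:44", "rule": "Mirai"},
    {"md5": "A1" * 16, "sha256": "b2" * 32, "first_seen": "2016-11-28 12:49:26", "rule": "Mirai"},  # resubmission
    {"md5": "not-a-hash", "sha256": "", "first_seen": "garbage", "rule": "Mirai"},  # malformed row
]

def to_document(hit):
    """Normalise one hit into an ELK document; None if the md5 or time is unusable."""
    md5 = str(hit.get("md5", "")).lower()
    if len(md5) != 32 or not set(md5) <= HEX:
        return None
    try:
        ts = datetime.strptime(hit["first_seen"], VT_TIME_FMT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return None
    return {"@timestamp": ts.isoformat(), "md5": md5, "sha256": hit.get("sha256", ""),
            "yara_rule": hit.get("rule", ""), "source": "virustotal"}

def unique_documents(hits):
    """Yield documents in submission order, dropping malformed rows and repeated md5s."""
    seen = set()
    for hit in hits:
        doc = to_document(hit)
        if doc is not None and doc["md5"] not in seen:
            seen.add(doc["md5"])
            yield doc

def to_bulk_ndjson(hits, index=INDEX):
    """Body for Elasticsearch's _bulk API: one action line plus one document line per sample."""
    lines = []
    for doc in unique_documents(hits):
        lines.append(json.dumps({"index": {"_index": index, "_id": doc["md5"]}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"

def daily_timeline(hits):
    """Unique samples per first_seen day, the series the Kibana timeline visualises."""
    return dict(sorted(Counter(d["@timestamp"][:10] for d in unique_documents(hits)).items()))

if __name__ == "__main__":
    print(to_bulk_ndjson(SAMPLE_HITS), daily_timeline(SAMPLE_HITS))
```

Send the returned NDJSON to the cluster's `_bulk` endpoint; `@timestamp` is the field Kibana's date histogram buckets on.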
Time | first_seen | Mirai md5
---|---|---
November 28th 2016, 12:49:26.000 | |
November 29th 2016, 20:45:44.000 | |
November 28th 2016, 12:25:37.000 | |
November 28th 2016, 16:54:20.000 | |
November 24th 2016, 01:50:13.000 | |
November 23rd 2016, 10:43:12.000 | |
November 24th 2016, 14:21:42.000 | |
November 23rd 2016, 16:59:07.000 | |
November 28th 2016, 13:37:15.000 | |
November 29th 2016, 01:56:03.000 | |
November 29th 2016, 01:55:51.000 | |
November 30th 2016, 04:08:32.000 | |