Mirai DDoS Malware Submissions on VirusTotal

Author: Vitali Kremez @VK_intel
Source: https://www.virustotal.com
Goal: Visualize and analyze all recent Mirai DDoS malware submissions on VirusTotal



Steps:
(1) Pull all of the recent Mirai malware submissions from VirusTotal, identified by the YARA signature;
(2) Push the data to ELK (Elasticsearch, Logstash, and Kibana); and
(3) Create a custom timeline dashboard with all the most recent Mirai malware hashes.

Time                               first_seen                         Mirai md5
November 28th 2016, 12:49:26.000   November 28th 2016, 12:48:58.000   5849bb9ceefee5ef295e7e966d0ba2b5
November 29th 2016, 20:45:44.000   November 28th 2016, 12:25:06.000   9ba4401c2a4faa8975175498dc1fbfd4
November 28th 2016, 12:25:37.000   November 28th 2016, 12:25:06.000   9ba4401c2a4faa8975175498dc1fbfd4
November 28th 2016, 16:54:20.000   November 28th 2016, 12:25:06.000   9ba4401c2a4faa8975175498dc1fbfd4
November 24th 2016, 01:50:13.000   November 24th 2016, 01:49:39.000   bd3689a91daff90950b0f83aeb7ed503
November 23rd 2016, 10:43:12.000   November 20th 2016, 22:26:52.000   6e2002f8d9a6d372d15d9c9dbe9fe286
November 24th 2016, 14:21:42.000   November 20th 2016, 22:26:52.000   6e2002f8d9a6d372d15d9c9dbe9fe286
November 23rd 2016, 16:59:07.000   November 18th 2016, 11:49:09.000   68933ff0ead688099653de1518632a5b
November 28th 2016, 13:37:15.000   November 14th 2016, 18:17:40.000   cb2b4f743d5125cc4c1e067abc783b82
November 29th 2016, 01:56:03.000   November 5th 2016, 03:38:23.000    e8da1bab26ac3507af1c65ee3796170d
November 29th 2016, 01:55:51.000   November 5th 2016, 03:00:39.000    15adef2c484166480d3684425f1fc0b4
November 30th 2016, 04:08:32.000   October 23rd 2016, 20:36:24.000    b0f48738fddf5c14c474f4bda38d81c1
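
Step (2) needs each submission row in a form Elasticsearch can index. The following is an added example, not code from the original post: it parses timestamps in the format shown in the timeline and builds an Elasticsearch `_bulk` request body. The index name, the `@timestamp` and `seconds_since_first_seen` fields, the UTC assumption and the sample rows are all assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Hypothetical index name; the post does not say which index was used.
INDEX = "mirai-submissions"

_ORDINAL = re.compile(r"(\d{1,2})(st|nd|rd|th)\b")
_MD5 = re.compile(r"[0-9a-f]{32}")

def parse_kibana_time(text):
    """Parse 'November 28th 2016, 12:49:26.000' (assumed UTC) to a datetime."""
    cleaned = _ORDINAL.sub(r"\1", text.strip())  # '28th' -> '28'
    parsed = datetime.strptime(cleaned, "%B %d %Y, %H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)

def to_bulk(rows):
    """Build a _bulk NDJSON body from (time, first_seen, md5) rows."""
    lines = []
    for time_s, first_seen_s, md5 in rows:
        md5 = md5.strip().lower()
        if not _MD5.fullmatch(md5):
            raise ValueError(f"not an MD5 hex digest: {md5!r}")
        seen = parse_kibana_time(time_s)
        first = parse_kibana_time(first_seen_s)
        if seen < first:
            raise ValueError(f"submission precedes first_seen for {md5}")
        doc = {
            "@timestamp": seen.isoformat(),
            "first_seen": first.isoformat(),
            "md5": md5,
            # Lets the dashboard separate new samples from resubmissions.
            "seconds_since_first_seen": int((seen - first).total_seconds()),
        }
        # Deterministic _id: re-running the import overwrites, never duplicates.
        doc_id = f"{md5}-{int(seen.timestamp())}"
        lines.append(json.dumps({"index": {"_index": INDEX, "_id": doc_id}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # _bulk bodies must end with a newline

# Constructed sample rows (not real submissions): one hash submitted twice.
SAMPLE_ROWS = [
    ("January 2nd 2017, 08:00:30.000", "January 1st 2017, 08:00:00.000",
     "0123456789abcdef0123456789abcdef"),
    ("January 3rd 2017, 09:15:00.000", "January 1st 2017, 08:00:00.000",
     "0123456789ABCDEF0123456789ABCDEF"),
]

if __name__ == "__main__":
    print(to_bulk(SAMPLE_ROWS), end="")
```

The resulting body can be sent to the `_bulk` endpoint with the `Content-Type: application/x-ndjson` header.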
