基于统计特征的恶意加密流量分类.zip

<h2>Malware Traffic Analysis With Python</h2> > A very simple Python script to analyse malicious traffic from malware traffic > In my sample I going to analyze traffic for "Malware Team Up: Malspam Pushing Emotet + Trickbot" for more details about this malware go to: https://unit42.paloaltonetworks.com/unit42-malware-team-malspam-pushing-emotet-trickbot/ > Screenshot Of Resultes:  ## 🚀 Behind The Scene: > At first we have to convert PCAP file to json with filter or without by run one of these commands: > tshark -2 -R "http.request.method==GET or http.request.method==POST" -r input.pcap -T json >output.json > tshark -2 -R "ip.addr==X.X.X.X and http.request.method==GET" -r input.pcap -T json >output.json > Sometimes you need to fix json file after running on of above commands. > The process is we going to all hosts on HTTP layers and scan them with urlvoid.com for more accuracy try to use paid API from them. ## ✨ The Accuracy: > Not granted 100%, This project just an idea, and all results based on urlvoid.com. ## Author