Maltrail is a malicious traffic detection system that uses publicly
available (black)lists of malicious and/or generally suspicious trails,
along with static trails compiled from various AV reports and custom
user-defined lists. A trail can be anything from a domain name
(e.g. zvpprsensinaix.com for Banjori malware) or a URL
(e.g. http://126.96.36.199/harsh02.exe for a known malicious executable)
to an IP address (e.g. 188.8.131.52 for a known attacker) or an HTTP
User-Agent header value (e.g. sqlmap for an automatic SQL injection and
database takeover tool). It also uses (optional) advanced heuristic
mechanisms that can help in the discovery of unknown threats
(e.g. new malware).

WWW: https://github.com/stamparm/maltrail