├── .gitignore ├── LICENSE.txt ├── README.md ├── client ├── .gitignore ├── input │ ├── domains.txt │ └── testdump.pcap └── src │ ├── conf │ ├── dga │ │ ├── locky-april.conf │ │ ├── locky-feb.conf │ │ ├── necurs.conf │ │ └── sampledga.conf │ ├── maltese.conf │ ├── model │ │ ├── burstconst-delayconst.conf │ │ ├── burstconst-delaypoisson.conf │ │ └── burstpoisson-delayconst.conf │ └── replay │ │ └── pcap.conf │ ├── install │ └── setup.py │ ├── maltese.py │ ├── modules │ ├── __init__.py │ ├── configutils.py │ ├── pluginmanager.py │ ├── pluginregistry.py │ └── utils.py │ └── plugins │ ├── dga │ ├── locky-april.py │ ├── locky-feb.py │ ├── necurs.py │ └── sampledga.py │ ├── model │ ├── burstconst-delayconst.py │ ├── burstconst-delaypoisson.py │ └── burstpoisson-delayconst.py │ └── replay │ ├── list-random.py │ ├── list.py │ └── pcap.py └── docs ├── BlackHat2016USA-Arsenal-Maltese.pdf ├── Manual-Maltese.pdf └── Trust-but-verify-Evaluating-DNS-based-malware-detectors.pdf /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/README.md -------------------------------------------------------------------------------- /client/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/.gitignore -------------------------------------------------------------------------------- /client/input/domains.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/input/domains.txt -------------------------------------------------------------------------------- /client/input/testdump.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/input/testdump.pcap -------------------------------------------------------------------------------- /client/src/conf/dga/locky-april.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/dga/locky-april.conf -------------------------------------------------------------------------------- /client/src/conf/dga/locky-feb.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/dga/locky-feb.conf -------------------------------------------------------------------------------- /client/src/conf/dga/necurs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/dga/necurs.conf -------------------------------------------------------------------------------- /client/src/conf/dga/sampledga.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/dga/sampledga.conf -------------------------------------------------------------------------------- /client/src/conf/maltese.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/maltese.conf -------------------------------------------------------------------------------- /client/src/conf/model/burstconst-delayconst.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/model/burstconst-delayconst.conf -------------------------------------------------------------------------------- /client/src/conf/model/burstconst-delaypoisson.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/model/burstconst-delaypoisson.conf -------------------------------------------------------------------------------- /client/src/conf/model/burstpoisson-delayconst.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/conf/model/burstpoisson-delayconst.conf -------------------------------------------------------------------------------- /client/src/conf/replay/pcap.conf: -------------------------------------------------------------------------------- 1 | override_model: True -------------------------------------------------------------------------------- /client/src/install/setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/install/setup.py -------------------------------------------------------------------------------- /client/src/maltese.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/maltese.py -------------------------------------------------------------------------------- /client/src/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/modules/__init__.py -------------------------------------------------------------------------------- /client/src/modules/configutils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/modules/configutils.py -------------------------------------------------------------------------------- /client/src/modules/pluginmanager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/modules/pluginmanager.py -------------------------------------------------------------------------------- /client/src/modules/pluginregistry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/modules/pluginregistry.py -------------------------------------------------------------------------------- /client/src/modules/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/modules/utils.py -------------------------------------------------------------------------------- /client/src/plugins/dga/locky-april.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/dga/locky-april.py -------------------------------------------------------------------------------- /client/src/plugins/dga/locky-feb.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/dga/locky-feb.py -------------------------------------------------------------------------------- /client/src/plugins/dga/necurs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/dga/necurs.py -------------------------------------------------------------------------------- /client/src/plugins/dga/sampledga.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/dga/sampledga.py -------------------------------------------------------------------------------- /client/src/plugins/model/burstconst-delayconst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/model/burstconst-delayconst.py -------------------------------------------------------------------------------- /client/src/plugins/model/burstconst-delaypoisson.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/model/burstconst-delaypoisson.py -------------------------------------------------------------------------------- /client/src/plugins/model/burstpoisson-delayconst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/model/burstpoisson-delayconst.py -------------------------------------------------------------------------------- /client/src/plugins/replay/list-random.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/replay/list-random.py -------------------------------------------------------------------------------- /client/src/plugins/replay/list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/replay/list.py -------------------------------------------------------------------------------- /client/src/plugins/replay/pcap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/client/src/plugins/replay/pcap.py -------------------------------------------------------------------------------- /docs/BlackHat2016USA-Arsenal-Maltese.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/docs/BlackHat2016USA-Arsenal-Maltese.pdf -------------------------------------------------------------------------------- /docs/Manual-Maltese.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/docs/Manual-Maltese.pdf -------------------------------------------------------------------------------- /docs/Trust-but-verify-Evaluating-DNS-based-malware-detectors.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HPE-AppliedSecurityResearch/maltese/HEAD/docs/Trust-but-verify-Evaluating-DNS-based-malware-detectors.pdf --------------------------------------------------------------------------------