[Malcom] Malware Communication Analyzer


Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes handy when analyzing how certain malware species try to communicate with the outside world.

Malcom can help you:
  • detect central command and control (C&C) servers
  • understand peer-to-peer networks
  • observe DNS fast-flux infrastructures
  • quickly determine if a network artifact is 'known-bad'

The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.

Check the wiki for a Quickstart and some nice screenshots.

In the near future, it will also become a collaborative tool (coming soon!)