We’ve had quite a few upgrades to Minotaur this weekend. First, and most noticeable on the homepage, is a display of recently analyzed network communications of malicious samples. If you click on a particularly interesting map, it will take you to the report for that sample.
Next, you can now search for samples using the MD5, SHA1 or SHA256 hashes, which will hopefully improve the usefulness of the search system.
Lastly, the backend that generates the videos, screenshots, tcpmaps and dynamic analyses had a major flaw in the way files were copied into the environment that was preventing some of the samples from having full data. This bug has been fixed, which should lead to a more consistent level of analysis of EXE files.
Hopefully many more updates on the way.
The anti-malware DNS aggregator is back online on a completely new backend and statistics should be rolling in very shortly. I’m running the entire domain database through the new system, so there will be a large spike in detections over the next few days. Please, if you know of any more services we can add to this aggregator, let me know.
Our Anti-Malware DNS Service Query Tool is back online. And during testing, we found a flaw in the way the return data from ClearCloud DNS was being parsed. It appears they have added redirect servers we were not aware of, so we have added those to the system, which should yield better metrics in their favor. When the tool started, ClearCloud was the leader by a long shot in blocking access to domains hosting malicious content, but soon fell into the background. This may explain that slide.
If you have not yet used the tool, please check it out here: http://minotauranalysis.com/tools/dnscheck.aspx
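The parsing flaw described above, shown as an added example that is not the tool's own code: a block is counted only when the provider's answer matches a known redirect server, so an unlisted redirect server lowers the measured block rate. The function names, the baseline resolver used for comparison, and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed observations: (hostname, provider answers, baseline resolver answers).
# Every address is from the RFC 5737 documentation ranges, not a real provider server.
OBSERVATIONS = [
    ("bad-one.example",   ["192.0.2.10"],   ["203.0.113.5"]),
    ("bad-two.example",   ["192.0.2.77"],   ["203.0.113.9"]),
    ("bad-three.example", ["192.0.2.77"],   ["203.0.113.20"]),
    ("bad-four.example",  ["192.0.2.77"],   ["203.0.113.31"]),
    ("benign.example",    ["203.0.113.40"], ["203.0.113.40"]),
]

def _norm(ips):
    """Parse address strings so differently written forms of one address compare equal."""
    return {ipaddress.ip_address(ip) for ip in ips}

def is_redirect(answers, redirect_ips):
    """True if any returned address is on the known redirect-server list."""
    return bool(_norm(answers) & _norm(redirect_ips))

def block_rate(observations, redirect_ips):
    """Fraction of hostnames the provider answered with a known redirect server."""
    blocked = sum(is_redirect(ans, redirect_ips) for _, ans, _ in observations)
    return blocked / len(observations)

def candidate_redirects(observations, redirect_ips, min_hosts=3):
    """Unlisted addresses the provider returned for at least min_hosts hostnames
    while the baseline resolver answered differently. These need manual review:
    shared hosting and CDNs can produce the same pattern."""
    hosts_by_ip = defaultdict(set)
    for host, answers, baseline in observations:
        for ip in _norm(answers) - _norm(baseline) - _norm(redirect_ips):
            hosts_by_ip[ip].add(host)
    return sorted(str(ip) for ip, hosts in hosts_by_ip.items() if len(hosts) >= min_hosts)

if __name__ == "__main__":
    stale = ["192.0.2.10"]                 # list missing one redirect server
    updated = stale + ["192.0.2.77"]       # list after the missing server is added
    print("block rate, stale list:  ", block_rate(OBSERVATIONS, stale))
    print("review candidates:       ", candidate_redirects(OBSERVATIONS, stale))
    print("block rate, updated list:", block_rate(OBSERVATIONS, updated))
```
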
NovCon is pleased to announce the availability of a new tool to view the entries of several major anti-malware DNS providers for a given hostname. Please check out the new DNS research tool available here and also see some of our statistics on the tool here. Note that our own internal collectors and tools are using the same backend, so we already have some rich data that we are mining for statistics.