Shodan Release new tool: Trojan Malware C&C Server Search Engine

On May 2, Shodan and Recorded Future jointly launched the online malware C & C (command and control) server search engine – Malware Hunter , which was integrated on the Shodan base search engine, which greatly facilitates the vast number of security researchers to conduct malicious malware Detection of software infection equipment.

Malware Hunter Technical

Malware Hunter finds botnets on the Internet through a large number of search nodes (bot).In order to accurately track and determine the C & C server location, the search node by imitation or pretend by malicious software infected host, to a specific C & C server to send a variety of predefined requests, if the other party to make a valid response, Malware Hunter to record its IP address and other related information , Store into the Shodan search library.


Malware Hunter is based on the common technology of Shodan and Recorded Future, where Shodan is responsible for fast and efficient detection of Internet IP addresses, while Recorded Future provides counterfeit host technology that mimics malware.Recorded Future has worked with Google and CIA to develop Internet open source intelligence information system.

For more information on Malware Hunter, please refer to the Recorded Future page 15 Technical Report“Active Threat Identification Process to find an effective way to remotely access Trojans.”

Malware Hunter has a wide range of recognition capabilities

For now, Malware Hunter can identify and discover a variety of remote control (RAT), such as Dark Comet, njRAT, Poison Ivy, Ghost RAT.If you are interested, please use the Shodan account login search to play.

In the future, Malware Hunter hopes to support detection of multiple types of malware, such as botnet malware, backdoor Trojans or web spyware, encryption mining malware, or DDoS malware.

Reference: shodan