Maltrail is a malicious traffic detection system. It uses publicly available (black)lists containing malicious and/or generally suspicious trails, static trails compiled from various AV reports, custom user-defined lists, and (optionally) advanced heuristic mechanisms that can help in the discovery of unknown threats (for example, new malware). It is based on a Traffic -> Sensor <-> Server <-> Client architecture.

A trail can be anything from a:

  • domain name (like for Banjori malware)

  • URL (like for a known malicious executable)

  • IP address (for example, for a known attacker)

  • HTTP User-Agent header value (like sqlmap for the automatic SQL injection and database takeover tool).

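To make the four trail kinds concrete, here is an added example (not Maltrail's own code, and not its trail-list format) that matches constructed sensor events against a constructed trail list by domain, URL, IP address or CIDR range, and User-Agent; all trail values and events are invented for illustration.

```python
# Added example, not part of Maltrail: a minimal trail matcher for the four
# trail kinds the text names (domain, URL, IP address, HTTP User-Agent).
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed trail list: (trail, kind, description). Values are illustrative only.
TRAILS = [
    ("evil-c2.example", "domain", "constructed C2 domain"),
    ("http://dropper.example/update.exe", "url", "constructed malicious executable URL"),
    ("203.0.113.0/24", "ip", "constructed scanner range (TEST-NET-3)"),
    ("sqlmap", "ua", "sqlmap automatic SQL injection tool"),
]


def matching_trails(event):
    """Return the list of (trail, kind, description) tuples the event hits.

    event keys (all optional): src_ip, dst_ip, host, url, user_agent.
    Domain trails match the host and any subdomain of it; IP trails match
    either endpoint against a single address or a CIDR range; URL trails
    must match exactly; User-Agent trails match as a case-insensitive substring.
    """
    url = event.get("url") or ""
    host = (event.get("host") or urlsplit(url).hostname or "").lower().rstrip(".")
    ua = (event.get("user_agent") or "").lower()
    ips = [event[k] for k in ("src_ip", "dst_ip") if event.get(k)]
    hits = []
    for trail, kind, desc in TRAILS:
        if kind == "domain" and (host == trail or host.endswith("." + trail)):
            hits.append((trail, kind, desc))
        elif kind == "url" and url == trail:
            hits.append((trail, kind, desc))
        elif kind == "ip" and any(ip_address(ip) in ip_network(trail, strict=False) for ip in ips):
            hits.append((trail, kind, desc))
        elif kind == "ua" and trail.lower() in ua:
            hits.append((trail, kind, desc))
    return hits


if __name__ == "__main__":
    # Constructed events a sensor might observe; the last one is benign.
    for ev in [
        {"src_ip": "10.0.0.5", "dst_ip": "198.51.100.7", "host": "cdn.evil-c2.example"},
        {"src_ip": "203.0.113.44", "dst_ip": "10.0.0.1"},
        {"url": "http://dropper.example/update.exe"},
        {"user_agent": "sqlmap/1.7 (https://sqlmap.org)"},
        {"host": "example.org", "user_agent": "Mozilla/5.0"},
    ]:
        print(ev, "->", [h[2] for h in matching_trails(ev)])
```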
It can be found on GitHub at stamparm/maltrail.