This is a non-IMPACT record, meaning that access to the data is not
controlled by IMPACT. For access, see the directions below.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Summary
DS-1328
Hale
External Tool
External Data Source
GitHub
Unknown
Unknown
56 (lowest rank is 56)
Description
Hale is a botnet command & control monitor/spy with a modular design to easily develop new modules that monitor new protocols used by C&C servers
The main idea with Hale is to help botnet hunting and research to collaborate by creating a network of sensors (Hale monitors). To improve this idea, a XMPP bot is available to connect to a centralized XMPP server where currently two different group rooms are used for coordinating between sensors and a room for sharing logs and files. The coordination room makes use of botnet hashes that are made out of the unique keys in the botnet settings, in this way, two botnets don't have to be monitored simultaneously that have the same hash (identity) and improves utilization. To help 3rd parties to make use of this network, a bot can join the coordination room and ask a sensor to start tracking a botnet if its untracked by sending the configurations for it. Additionally, in the share room, 3rd party bots can get their hands on logs and files captured by the sensors in real time. To assist with log history the web API can be used that support GET requests.
Additional Details
18.5MB
false
Unknown
hale, 1328, inferlink, inferlink corporation, external data source, external, source, corporation, monitor, botnet, modular, develop, design, modules, servers, spy, protocols, control, easily, command, sensors, xmpp, files, bot, idea, coordination, 3rd, logs, network, web, log, other, don, keys, requests, time, assist, coordinating, connect, share, sending, start, captured, identity, centralized, additionally, server, monitors, settings, botnets, hunting, api, join, untracked, monitored, tracking, collaborate, main, improves, configurations, bots, utilization, real, party, hash, support, sensor, simultaneously, parties, hashes, creating, unique, improve, sharing, history, hands