This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1328
Hale
External Tool
External Data Source
GitHub
Unknown
Unknown
55 (lowest rank is 55)

Category & Restrictions

Other
cyber attack, malicious traffic, botnet
Unrestricted
true

Description


Hale is a botnet command & control monitor/spy with a modular design that makes it easy to develop new modules for monitoring new protocols used by C&C servers.

The main idea behind Hale is to help botnet hunters and researchers collaborate by creating a network of sensors (Hale monitors). To support this, an XMPP bot is available that connects to a centralized XMPP server, where currently two group rooms are used: one for coordination between sensors and one for sharing logs and files. The coordination room uses botnet hashes derived from the unique keys in the botnet settings; in this way, two botnets with the same hash (identity) do not have to be monitored simultaneously, which improves utilization. To help third parties make use of this network, a bot can join the coordination room and ask a sensor to start tracking a botnet if it is untracked, by sending the configuration for it. Additionally, in the share room, third-party bots can obtain logs and files captured by the sensors in real time. For log history, the web API, which supports GET requests, can be used.

Additional Details

18.5MB
false
Unknown
cybercrime, server, hale, spamming, application programming interface, bot, communication protocol, cryptographic protocol, application layer protocols, xmpp, transport layer security, open source hardware, external data source, servers, internet protocol, instant messaging, modular design, uniform resource identifier, malware, hypertext transfer protocol, xml based standards, inferlink corporation, technical communication, cyberwarfare, instant messaging protocols, secure communication, online chat, history of computing, botnet, 1328