Hi folks,

The tracker (https://tracker.fumik0.com) has now been active for one year, and over these past months I have understood that maintaining this solo project is definitely not an easy task. But right now, Haruko is, step by step, growing into a place that provides a start for OSINT, for learning malware reverse engineering, or for helping blue team people when they have to analyze some samples.

If I could summarize this malware tracker in one year:

  1. 2600+ Samples
  2. A learning tab with dozen of exercises added
  3. A malware tab with 40+ notes for quick tips with some malware implemented
  4. An Unlimited API

… and all of this is free.

It’s pretty obvious that some companies are grabbing some data from my project to resell it afterwards without any credit, or changing the name of the sample by adding tags for other commercial bullshit nonsense to prove they are the first on it. That’s all part of the game, that’s life.

At first, this tracker was created because a lot of people can’t even afford tools or services just to be able to search, download and analyze samples and improve their skills. This is a good start, among other free services, to begin your OSINT and learn some stuff. If this tracker is helping students, helping teachers to provide courses, helping junior analysts or the simply curious, that’s the most important thing.

New section – Wallet

For some years now, cryptocurrencies have been part of the cybercrime landscape, with more and more trends around them. So, to get an idea of which of them are used/abused by threat actors, it could be a good thing to centralize them.

wallet_update

API

/api/get-wallets
/api/wallet/value

Why the idea of this branch?

  1. Plug the API into the step of the transaction, for a better security approach
  2. If a wallet is switched by a clipper, the API request is a way to check if, in the DB, this one is already known for some malicious activities and could be blocked easily.

New field – Domain

For OSINT research, the field “domain” has been added.

domain

On the website

domain_update

Example in JSON format

{
   "first_seen":"2018-08-05",
   "first_seen_details":"1533469173",
   "hash":{
      "md5":"ca92b2a06320fa138989ead470e6b8f5",
      "sha1":"feb71e950f43eac5037def7513f7c4e5eb3d76cc",
      "sha256":"af2c63561aa10a1e444471706a5ea35f951795dff4bb1fc735fdf05c8f30b998"
   },
   "hash_seen":1,
   "id":"5b66e1f5143e9a34ec8a3752",
   "sample":{
      "name":"jardata.exe",
      "size":"1102336"
   },
   "server":{
      "AS":"AS16509",
      "country":"us",
      "domain":"bitbucket.org",
      "ip":"52.216.84.40",
      "url":"bitbucket.org/kent9876/test/downloads/jardata.exe"
   }
}

Updates on API

I have made some little tweaks to the API possibilities; there are now some new ones available:

/api/ip/value
/api/domain/value
/api/as/value
/api/country/value
/api/md5/value
/api/sha256/value
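
As an added example (not code from the tracker or its author), this Python sketch sanity-checks a record in the JSON format shown above and derives the lookup path for each pivot the new endpoints allow. It assumes that `value` in each path is a placeholder for the literal value and that `first_seen_details` is a UTC epoch timestamp; the function names are hypothetical and no network request is made.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import quote

# Record fields copied from the JSON example on this page.
RECORD = json.loads("""
{"first_seen": "2018-08-05", "first_seen_details": "1533469173",
 "hash": {"md5": "ca92b2a06320fa138989ead470e6b8f5",
          "sha1": "feb71e950f43eac5037def7513f7c4e5eb3d76cc",
          "sha256": "af2c63561aa10a1e444471706a5ea35f951795dff4bb1fc735fdf05c8f30b998"},
 "server": {"AS": "AS16509", "country": "us", "domain": "bitbucket.org",
            "ip": "52.216.84.40"}}
""")

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def validate(record):
    """Return a list of problems found in a tracker record (empty if clean)."""
    problems = []
    for algo, length in HEX_LEN.items():
        digest = record.get("hash", {}).get(algo, "")
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, digest):
            problems.append(f"bad {algo}")
    # Assumption: first_seen_details is epoch seconds and first_seen its UTC date.
    try:
        seen = datetime.fromtimestamp(int(record["first_seen_details"]), timezone.utc)
        if seen.strftime("%Y-%m-%d") != record["first_seen"]:
            problems.append("first_seen mismatch")
    except (KeyError, TypeError, ValueError, OverflowError, OSError):
        problems.append("bad first_seen_details")
    return problems


def pivot_paths(record):
    """Map record fields to the lookup paths listed above (assumed substitution)."""
    server, hashes = record.get("server", {}), record.get("hash", {})
    fields = {"ip": server.get("ip"), "domain": server.get("domain"),
              "as": server.get("AS"), "country": server.get("country"),
              "md5": hashes.get("md5"), "sha256": hashes.get("sha256")}
    # Percent-encode values so a malformed field cannot alter the request path.
    return {k: f"/api/{k}/{quote(v, safe='')}" for k, v in fields.items() if v}


if __name__ == "__main__":
    print(validate(RECORD))
    for path in pivot_paths(RECORD).values():
        print(path)
```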

What next?

I have some other things that I want to release before the end of this year (unrelated to this tracker), but I am not sure if I will have enough time to complete everything. But yes, other content & ideas are coming.

If you want to participate in this project, contact me.

Fumi o/

Last modified: August 27, 2019
