rshipp / awesome-malware-analysis Goto Github PK

Cutter has removed radare2 as their primary engine and replaced it with radare2 fork Rizin.

Rizin - https://github.com/rizinorg/rizin/releases/tag/v0.2.1
More Info regarding the replacement of radare2 - https://rizin.re/posts/faq/

Lastly, add Rizin to the list.

Thank you for the awesome list!

Cowrie is directly based on Kippo and is activly developed (unlike Kippo). Many more features and fixes many of the "bugs" Kippo has had forever.

https://github.com/micheloosterhof/cowrie

We are running a free malware analysis service at https://www.hybrid-analysis.com/

Some statistics: https://www.hybrid-analysis.com/statistics

Sample report #1 (malicious word file): https://www.hybrid-analysis.com/sample/65ad508855b19d4f00ca11fe197b1372068c2e0946deb57c8cacb61da4305d43?environmentId=4

Sample report #2 (Bartalex): https://www.hybrid-analysis.com/sample/580bb47de41dddb39966f26a2508b75c4177303d8dbad7ca9a2520694643e713?environmentId=2#dropped-files

Sample report #3: https://www.hybrid-analysis.com/sample/2b6b690e1bbe6d222654912f042ab2157bfc0ea773a7bd8a1645c2f308e0f182?environmentId=2

Payload Security is an IT-Security startup company from Germany and what's special about the sandbox system is that we statically analyze memory dumps and run a data-flow analysis using additional runtime information (what we call 'hybrid analysis') to extract more API calls/Strings, which in turn are piped to the behavior signature interface. You can see these 'annotated disassembly streams' if you click on a process (see Sample report #3) in the 'Hybrid Analysis' section. In that case, a detailed tabbed view is opened.

Would be happy to see our service added to your extensive list.

I've just released Fibratus, a tool for exploration and tracing of the Windows kernel written in Python/Cython. It has a plethora of nice features that could help security analysts to detect
anomalous activities.

Repository url: https://github.com/rabbitstack/fibratus

https://github.com/HynekPetrak/javascript-malware-collection

Hi,

You can add Karma to your list.

Karma is a free web solution that can be used to add the organization assets (domains, websites, networks, etc), and Karma periodically search this assets on various Threat Intelligence Feeds and reports if any of this assets is listed.

Also, Karma alerts on bad configurations, like DNS open zone transfers, bad SSL configurations and more.

Link: https://karma.securetia.com

Regards!

Detect It Easy, or abbreviated "DIE" is a program for determining types of files.
https://github.com/horsicq/Detect-It-Easy

Could you please consider adding malchive? Thanks :)

https://github.com/MITRECND/malchive

Sorry I want to ask. In the analysis of malware there are 3 stages that can be used ie surface analysis, runtime analysis, and static analysis. In the third stage there are many tools, what tools is best used in the stage of Surface analysis, runtime analysis, and static analysis ??
Thanks you

Sent from my OPPO F1f using FastHub

https://github.com/omriher/CapTipper

At https://iplists.firehol.org IP Feeds are analysed, documented and compared.

https://sourceforge.net/projects/xylent/

Should these be removed

1. [L232] https://cuckoosandbox.org/ No route to host - connect(2) for "cuckoosandbox.org" port 443
2. [L588] http://viper.li/ No route to host - connect(2) for "viper.li" port 80

From https://travis-ci.org/rshipp/awesome-malware-analysis/builds/171463856

Hi,
could you consider to add yomi.yoroi.company free sandbox to "Online Scanners and Sandboxes" ?

Consider adding https://beta.virusbay.io
As a malware repository :)

I was wanting to know how to get access to virusign, it says you need a user/pass but there's no other information about it that I can find.

Hi!

Could you please add https://phishstats.info/ in the Domain Analysis section?

These are great tools for urls and IPs

I think the developer of Rootkit Hunter (rkhunter); Michael Boelen changed its name to Lynis for newer releases.
So, I hope you add this new one and leave the older one as is but with a mention of the newer app name; Lynis.
https://cisofy.com/lynis/
https://github.com/CISOfy/lynis
Thanx & apologies about the misuse.

Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.

It is currently being used by

• https://github.com/vsouza/awesome-ios
• https://github.com/matteocrippa/awesome-swift
• https://github.com/dkhamsing/open-source-ios-apps

Examples

• https://travis-ci.org/matteocrippa/awesome-swift/builds/96526196 ok ✅
• https://travis-ci.org/matteocrippa/awesome-swift/builds/96722421 link redirected / rename 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/96763135 bad link / project deleted 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/95754715 dupe 🔴

If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml file to the project.

See https://github.com/dkhamsing/awesome_bot for options, more information
Feel free to leave a comment 😄

It's a lightweight yet strong tool for static investigation of suspicious files which is useful for reversers, malware researchers and those who want inspect PE files in more details.
https://www.mzrst.com/

All three repos are dead now and go nowhere.

See: http://openmalware.org/?z
See: https://github.com/vduddu/Malware
See: http://tracker.h3x.eu/

http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/

Suggest adding these two to 'Malware Corpora':

https://github.com/MalwareSamples/Malware-Feed/
https://www.virussamples.com

I forked/updated malc0de's TotalHash script to work with the new domain (https://totalhash.cymru.com) and used BeautifulSoup and Requests.

https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f

https://github.com/EmersonElectricCo/fsf

https://github.com/honeytrap/honeytrap

hello my name is agus, can you help me, there i have trouble for instalation fame, or you have video instalation ?
thanks.

The link for Clean MX doesn't work

This site can’t be reachedThe connection was reset.
Try:

Checking the connection
ERR_CONNECTION_RESET

http://www.kernelmode.info/forum/ is a great forum with a wealth of information regarding the latest threats. Unpacked malware ready for analysis can be found there along with malware-specific caveats. Maybe there can be a place for it in this list?

https://github.com/vduddu/Malware

Hey!

Something that might be worth adding - search engine for malware / command and control etc.

Eg;

https://www.threatcrowd.org/domain.php?domain=aoldaily.com
https://www.threatcrowd.org/listMalware.php?antivirus=plugx

Full Disclamer - I made the site :)

I'd like to add MalPipe to the list, however I'm not really sure if we should place it in the "malware collection", "Open Source intelligence" or some other section.

The MalPipe repo at https://github.com/silascutler/MalPipe says:

"MalPipe is a modular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results."

Missing ipvoid.com, ipvoid.com, cymon.io and badips.com under Domain Analysis

https://github.com/certtools/intelmq/

I don't see binwalk as one of the tools listed. It might not be specifically targeted for malware analysis, but very useful for file carving and binary file analysis. Imho.

http://binwalk.org/

Hi,

Thanks for including Bokken on the list. Could you, please, update the link to the new Bokken website?

http://www.bokken.re/

Thanks,

Hi

Thanks for the great resources in this repo! While skimming the entries, I noticed a few little things:

1. ZeuS Tracker seems to be no longer active.
2. NetworkTotal seems to be no longer active
3. Bro is now called Zeek

Would it be possible to add such minor improvements in one PR