rshipp / awesome-malware-analysis
Defund the Police.
Home Page: https://blacklivesmatters.carrd.co/#donate
License: Other
Cutter has removed radare2 as their primary engine and replaced it with radare2 fork Rizin.
Rizin - https://github.com/rizinorg/rizin/releases/tag/v0.2.1
More Info regarding the replacement of radare2 - https://rizin.re/posts/faq/
Lastly, add Rizin to the list.
Thank you for the awesome list!
Cowrie is directly based on Kippo and is actively developed (unlike Kippo). It has many more features and fixes many of the "bugs" Kippo has had forever.
We are running a free malware analysis service at https://www.hybrid-analysis.com/
Some statistics: https://www.hybrid-analysis.com/statistics
Sample report #1 (malicious word file): https://www.hybrid-analysis.com/sample/65ad508855b19d4f00ca11fe197b1372068c2e0946deb57c8cacb61da4305d43?environmentId=4
Sample report #2 (Bartalex): https://www.hybrid-analysis.com/sample/580bb47de41dddb39966f26a2508b75c4177303d8dbad7ca9a2520694643e713?environmentId=2#dropped-files
Sample report #3: https://www.hybrid-analysis.com/sample/2b6b690e1bbe6d222654912f042ab2157bfc0ea773a7bd8a1645c2f308e0f182?environmentId=2
Payload Security is an IT-Security startup company from Germany and what's special about the sandbox system is that we statically analyze memory dumps and run a data-flow analysis using additional runtime information (what we call 'hybrid analysis') to extract more API calls/Strings, which in turn are piped to the behavior signature interface. You can see these 'annotated disassembly streams' if you click on a process (see Sample report #3) in the 'Hybrid Analysis' section. In that case, a detailed tabbed view is opened.
Would be happy to see our service added to your extensive list.
I've just released Fibratus, a tool for exploration and tracing of the Windows kernel written in Python/Cython. It has a plethora of nice features that could help security analysts to detect anomalous activities.
Repository url: https://github.com/rabbitstack/fibratus
Hi,
You can add Karma to your list.
Karma is a free web solution that can be used to add an organization's assets (domains, websites, networks, etc.). Karma periodically searches for these assets on various Threat Intelligence Feeds and reports if any of these assets is listed.
Also, Karma alerts on bad configurations, like open DNS zone transfers, bad SSL configurations and more.
Link: https://karma.securetia.com
Regards!
Detect It Easy, abbreviated "DIE", is a program for determining types of files.
https://github.com/horsicq/Detect-It-Easy
Could you please consider adding malchive? Thanks :)
Sorry, I want to ask. In the analysis of malware there are 3 stages that can be used, i.e. surface analysis, runtime analysis, and static analysis. In these three stages there are many tools; which tools are best used in the stages of surface analysis, runtime analysis, and static analysis?
Thank you
Sent from my OPPO F1f using FastHub
At https://iplists.firehol.org IP Feeds are analysed, documented and compared.
Should these be removed?
From https://travis-ci.org/rshipp/awesome-malware-analysis/builds/171463856
Hi,
could you consider adding the yomi.yoroi.company free sandbox to "Online Scanners and Sandboxes"?
Consider adding https://beta.virusbay.io
As a malware repository :)
I was wanting to know how to get access to virusign, it says you need a user/pass but there's no other information about it that I can find.
Hi!
Could you please add https://phishstats.info/ in the Domain Analysis section?
These are great tools for urls and IPs
I think the developer of Rootkit Hunter (rkhunter), Michael Boelen, changed its name to Lynis for newer releases.
So, I hope you add this new one and leave the older one as is, but with a mention of the newer app name, Lynis.
https://cisofy.com/lynis/
https://github.com/CISOfy/lynis
Thanks & apologies about the misuse.
Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.
It is currently being used by
Examples
If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml file to the project.
See https://github.com/dkhamsing/awesome_bot for options and more information.
Feel free to leave a comment.
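The link checks described in the message above (URLs are well-formed, none is listed twice) can be demonstrated with a small offline checker. The following is an added example written for this page; it is not awesome_bot's code and makes no network requests. The README text, the link regexes and the `check_readme` report format are all constructed assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed README fragment (not the real awesome list) with one
# duplicate link, one bad scheme and one link without a host.
SAMPLE_README = """\
# Tools
- [Cutter](https://github.com/rizinorg/cutter) - GUI front end.
- [Rizin](https://github.com/rizinorg/rizin) - Analysis engine.
- [Dup](https://github.com/rizinorg/rizin) - Same link listed again.
- [Bad](htp://example.invalid/oops) - Typo in the scheme.
- [NoHost](https://) - Scheme but no host.
- Plain URL: http://example.invalid/plain
"""

# Markdown link: [text](url). Bare URL: http(s)://... not already inside a
# markdown link's parentheses (the lookbehind excludes those).
MARKDOWN_LINK = re.compile(r"\[[^\]]*\]\((?P<url>[^)\s]+)\)")
BARE_URL = re.compile(r"(?<!\()\bhttps?://[^\s<>)\]]+")
ALLOWED_SCHEMES = {"http", "https"}


def extract_urls(markdown):
    """Return every URL in the text, in document order."""
    urls = []
    for line in markdown.splitlines():
        urls.extend(m.group("url") for m in MARKDOWN_LINK.finditer(line))
        urls.extend(m.group(0) for m in BARE_URL.finditer(line))
    return urls


def is_well_formed(url):
    """A URL is accepted only with an http(s) scheme and a non-empty host."""
    parts = urlparse(url)
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


def normalize(url):
    """Ignore a trailing slash so 'x/' and 'x' count as the same link."""
    return url.rstrip("/")


def find_duplicates(urls):
    """Return the normalized URLs that appear more than once, sorted."""
    counts = {}
    for url in urls:
        key = normalize(url)
        counts[key] = counts.get(key, 0) + 1
    return sorted(key for key, n in counts.items() if n > 1)


def check_readme(markdown):
    """Run both checks and return a report usable from a CI job."""
    urls = extract_urls(markdown)
    return {
        "total": len(urls),
        "invalid": [u for u in urls if not is_well_formed(u)],
        "duplicates": find_duplicates(urls),
    }


if __name__ == "__main__":
    report = check_readme(SAMPLE_README)
    print(f"{report['total']} links found")
    for url in report["invalid"]:
        print(f"malformed: {url}")
    for url in report["duplicates"]:
        print(f"duplicate: {url}")
    # A CI wrapper would exit non-zero when either list is non-empty.
```

The checker deliberately stops at syntax and duplicate detection; whether a link is actually reachable needs a network request, which a CI job can add on top of this report.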
It's a lightweight yet strong tool for static investigation of suspicious files which is useful for reversers, malware researchers and those who want to inspect PE files in more detail.
https://www.mzrst.com/
All three repos are dead now and go nowhere.
See: http://openmalware.org/?z
See: https://github.com/vduddu/Malware
See: http://tracker.h3x.eu/
Suggest adding these two to 'Malware Corpora':
https://github.com/MalwareSamples/Malware-Feed/
https://www.virussamples.com
I forked/updated malc0de's TotalHash script to work with the new domain (https://totalhash.cymru.com) and used BeautifulSoup and Requests.
https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f
Hello, my name is Agus. Can you help me? I have trouble with the installation of FAME. Or do you have an installation video?
Thanks.
The link for Clean MX doesn't work
This site can't be reached. The connection was reset.
Try:
Checking the connection
ERR_CONNECTION_RESET
http://www.kernelmode.info/forum/ is a great forum with a wealth of information regarding the latest threats. Unpacked malware ready for analysis can be found there along with malware-specific caveats. Maybe there can be a place for it in this list?
Hey!
Something that might be worth adding - search engine for malware / command and control etc.
E.g.:
https://www.threatcrowd.org/domain.php?domain=aoldaily.com
https://www.threatcrowd.org/listMalware.php?antivirus=plugx
Full Disclaimer - I made the site :)
I'd like to add MalPipe to the list, however I'm not really sure if we should place it in the "malware collection", "Open Source intelligence" or some other section.
The MalPipe repo at https://github.com/silascutler/MalPipe says:
"MalPipe is a modular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results."
Missing ipvoid.com, ipvoid.com, cymon.io and badips.com under Domain Analysis
I don't see binwalk as one of the tools listed. It might not be specifically targeted for malware analysis, but very useful for file carving and binary file analysis. Imho.
Hi,
Thanks for including Bokken on the list. Could you, please, update the link to the new Bokken website?
http://www.bokken.re/
Thanks,
Hi
Thanks for the great resources in this repo! While skimming the entries, I noticed a few little things:
Would it be possible to add such minor improvements in one PR?