mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-18 10:26:07 +00:00
remove http://malwaredb.malekal.com/ and add SystemLookup and Malware Search+++
This commit is contained in:
parent
1a14af845b
commit
aaaa803af6
40
README.md
40
README.md
@ -55,9 +55,9 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
|
||||
* [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
|
||||
* [Cowrie](https://github.com/micheloosterhof/cowrie) - SSH honeypot, based
|
||||
on Kippo.
|
||||
* [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots.
|
||||
* [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
|
||||
on Kippo.
|
||||
* [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots.
|
||||
* [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
|
||||
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
|
||||
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
|
||||
* [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro.
|
||||
@ -78,11 +78,10 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
|
||||
samples.
|
||||
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
|
||||
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
|
||||
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
|
||||
rapid identification and actionable context for malware investigations.
|
||||
* [Malshare](https://malshare.com) - Large repository of malware actively
|
||||
scrapped from malicious sites.
|
||||
* [MalwareDB](http://malwaredb.malekal.com/) - Malware samples repository.
|
||||
* [Open Malware Project](http://openmalware.org/) - Sample information and
|
||||
downloads. Formerly Offensive Computing.
|
||||
* [Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin based malware
|
||||
@ -192,12 +191,14 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
- [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io)
|
||||
- [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/)
|
||||
- [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io)
|
||||
* [SystemLookup](https://www.systemlookup.com/) - SystemLookup hosts a collection of lists that provide information on
|
||||
the components of legitimate and potentially unwanted programs.
|
||||
* [ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat
|
||||
intelligence, with search.
|
||||
* [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000
|
||||
free per month.
|
||||
* [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.
|
||||
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
|
||||
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
|
||||
* [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS
|
||||
blocklists.
|
||||
|
||||
@ -207,7 +208,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
|
||||
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
|
||||
variety of tools for reporting on Windows PE files.
|
||||
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
|
||||
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
|
||||
distributed file analysis framework.
|
||||
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
|
||||
AWS pipeline that scans and alerts on uploaded files based on a set of
|
||||
@ -230,7 +231,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
|
||||
* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.
|
||||
* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
|
||||
compare malware at a function level.
|
||||
* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
|
||||
* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
|
||||
executables.
|
||||
* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
|
||||
framework.
|
||||
@ -305,14 +306,14 @@ executables.
|
||||
the configuration settings from common malwares.
|
||||
* [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
|
||||
instance.
|
||||
* [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or
|
||||
* [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or
|
||||
domain address for malware for free.
|
||||
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
|
||||
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
|
||||
kinds of malware using Suricata configured with EmergingThreats Pro.
|
||||
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
|
||||
collect information about malware in a sandboxed environment.
|
||||
* [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
|
||||
* [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
|
||||
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
|
||||
* [ProcDot](http://www.procdot.com) - A graphical malware analysis tool kit.
|
||||
* [Recomposer](https://github.com/secretsquirrel/recomposer) - A helper
|
||||
@ -361,7 +362,7 @@ executables.
|
||||
accounts.
|
||||
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
|
||||
IP, domain and website title
|
||||
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
|
||||
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
|
||||
historical and current DNS records, similar domains, certificate information
|
||||
and other domain and IP related API and tools.
|
||||
* [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.
|
||||
@ -453,7 +454,7 @@ the [browser malware](#browser-malware) section.*
|
||||
Event Log files from raw binary data.
|
||||
* [Foremost](http://foremost.sourceforge.net/) - File carving tool designed
|
||||
by the US Air Force.
|
||||
* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
|
||||
* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
|
||||
to view and edit a binary stream field by field.
|
||||
* [Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
|
||||
tool.
|
||||
@ -479,7 +480,7 @@ the [browser malware](#browser-malware) section.*
|
||||
XOR key using frequency analysis.
|
||||
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
|
||||
hidden code extractor for Windows malware.
|
||||
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
|
||||
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
|
||||
platform-independent unpacker for Windows binaries based on emulation.
|
||||
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
|
||||
unpacker for Windows malware based on WinAppDbg.
|
||||
@ -517,7 +518,7 @@ the [browser malware](#browser-malware) section.*
|
||||
* [codebro](https://github.com/hugsy/codebro) - Web based code browser using
|
||||
clang to provide basic code analysis.
|
||||
* [Cutter](https://github.com/radareorg/cutter) - GUI for Radare2.
|
||||
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
|
||||
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
|
||||
- A binary analysis platform based on QEMU. DroidScope is now an extension to DECAF.
|
||||
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler
|
||||
and debugger.
|
||||
@ -549,7 +550,7 @@ the [browser malware](#browser-malware) section.*
|
||||
* [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library
|
||||
to parse, modify and abstract ELF, PE and MachO formats.
|
||||
* [ltrace](http://ltrace.org/) - Dynamic analysis for Linux executables.
|
||||
* [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework
|
||||
* [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework
|
||||
for mac malware hunting.
|
||||
* [objdump](https://en.wikipedia.org/wiki/Objdump) - Part of GNU binutils,
|
||||
for static analysis of Linux binaries.
|
||||
@ -790,6 +791,9 @@ the [browser malware](#browser-malware) section.*
|
||||
|
||||
* [APT Notes](https://github.com/aptnotes/data) - A collection of papers
|
||||
and notes related to Advanced Persistent Threats.
|
||||
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
|
||||
a repository that makes it easy to (re)create a machine learning model that can be used
|
||||
to predict a score for a PE file based on static analysis.
|
||||
* [File Formats posters](https://github.com/corkami/pics) - Nice visualization
|
||||
of commonly used file format (including PE & ELF).
|
||||
* [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and
|
||||
@ -809,6 +813,8 @@ the [browser malware](#browser-malware) section.*
|
||||
link in description.
|
||||
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
|
||||
blog focuses on network traffic related to malware infections.
|
||||
* [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) Firefox extension allows
|
||||
you to easily search some of the most popular malware databases
|
||||
* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) -
|
||||
This package contains most of the software referenced in the Practical Malware
|
||||
Analysis book.
|
||||
@ -825,10 +831,6 @@ the [browser malware](#browser-malware) section.*
|
||||
* [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit.
|
||||
* [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) -
|
||||
Reverse engineering subreddit, not limited to just malware.
|
||||
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
|
||||
a repository that makes it easy to (re)create a machine learning model that can be used
|
||||
to predict a score for a PE file based on static analysis.
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user