remove http://malwaredb.malekal.com/ and add SystemLookup and Malware Search+++

This commit is contained in:
micka 2019-03-05 15:30:51 +01:00
parent 1a14af845b
commit aaaa803af6

View File

@ -55,9 +55,9 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
* [Cowrie](https://github.com/micheloosterhof/cowrie) - SSH honeypot, based
on Kippo.
* [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots.
* [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
on Kippo.
* [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots.
* [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
* [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro.
@ -78,11 +78,10 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
samples.
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
rapid identification and actionable context for malware investigations.
* [Malshare](https://malshare.com) - Large repository of malware actively
scrapped from malicious sites.
* [MalwareDB](http://malwaredb.malekal.com/) - Malware samples repository.
* [Open Malware Project](http://openmalware.org/) - Sample information and
downloads. Formerly Offensive Computing.
* [Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin based malware
@ -192,12 +191,14 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
- [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io)
- [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/)
- [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io)
* [SystemLookup](https://www.systemlookup.com/) - SystemLookup hosts a collection of lists that provide information on
the components of legitimate and potentially unwanted programs.
* [ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat
intelligence, with search.
* [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000
free per month.
* [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
* [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS
blocklists.
@ -207,7 +208,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
variety of tools for reporting on Windows PE files.
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
distributed file analysis framework.
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of
@ -230,7 +231,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.
* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
compare malware at a function level.
* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.
* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
framework.
@ -305,14 +306,14 @@ executables.
the configuration settings from common malwares.
* [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
instance.
* [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or
* [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or
domain address for malware for free.
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
pcap files and facilitates the quick detection of viruses, worms, trojans, and all
kinds of malware using Suricata configured with EmergingThreats Pro.
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
collect information about malware in a sandboxed environment.
* [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
* [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
* [ProcDot](http://www.procdot.com) - A graphical malware analysis tool kit.
* [Recomposer](https://github.com/secretsquirrel/recomposer) - A helper
@ -361,7 +362,7 @@ executables.
accounts.
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
IP, domain and website title
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
historical and current DNS records, similar domains, certificate information
and other domain and IP related API and tools.
* [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.
@ -453,7 +454,7 @@ the [browser malware](#browser-malware) section.*
Event Log files from raw binary data.
* [Foremost](http://foremost.sourceforge.net/) - File carving tool designed
by the US Air Force.
* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
to view and edit a binary stream field by field.
* [Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
tool.
@ -479,7 +480,7 @@ the [browser malware](#browser-malware) section.*
XOR key using frequency analysis.
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
hidden code extractor for Windows malware.
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
platform-independent unpacker for Windows binaries based on emulation.
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
unpacker for Windows malware based on WinAppDbg.
@ -517,7 +518,7 @@ the [browser malware](#browser-malware) section.*
* [codebro](https://github.com/hugsy/codebro) - Web based code browser using
 clang to provide basic code analysis.
* [Cutter](https://github.com/radareorg/cutter) - GUI for Radare2.
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
- A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF.
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler
and debugger.
@ -549,7 +550,7 @@ the [browser malware](#browser-malware) section.*
* [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library
to parse, modify and abstract ELF, PE and MachO formats.
* [ltrace](http://ltrace.org/) - Dynamic analysis for Linux executables.
* [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework
* [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework
for mac malware hunting.
* [objdump](https://en.wikipedia.org/wiki/Objdump) - Part of GNU binutils,
for static analysis of Linux binaries.
@ -790,6 +791,9 @@ the [browser malware](#browser-malware) section.*
* [APT Notes](https://github.com/aptnotes/data) - A collection of papers
and notes related to Advanced Persistent Threats.
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
a repository that makes it easy to (re)create a machine learning model that can be used
to predict a score for a PE file based on static analysis.
* [File Formats posters](https://github.com/corkami/pics) - Nice visualization
of commonly used file format (including PE & ELF).
* [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and
@ -809,6 +813,8 @@ the [browser malware](#browser-malware) section.*
link in description.
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
blog focuses on network traffic related to malware infections.
* [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) Firefox extension allows
you to easily search some of the most popular malware databases
* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) -
This package contains most of the software referenced in the Practical Malware
Analysis book.
@ -825,10 +831,6 @@ the [browser malware](#browser-malware) section.*
* [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit.
* [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) -
Reverse engineering subreddit, not limited to just malware.
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
a repository that makes it easy to (re)create a machine learning model that can be used
to predict a score for a PE file based on static analysis.