Merge pull request #178 from KernelPan1k/kernelpan1k-patch-1

remove http://malwaredb.malekal.com/ and add SystemLookup and Malware…
This commit is contained in:
Ryan Shipp 2019-03-06 18:50:34 -06:00 committed by GitHub
commit 042dfe1b9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -55,9 +55,9 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot. * [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
* [Cowrie](https://github.com/micheloosterhof/cowrie) - SSH honeypot, based * [Cowrie](https://github.com/micheloosterhof/cowrie) - SSH honeypot, based
on Kippo. on Kippo.
* [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots. * [DemoHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Distributed Honeypots.
* [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware. * [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot. * [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet. * [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
* [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro. * [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro.
@ -78,11 +78,10 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode * [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode
samples. samples.
* [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis. * [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing * [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing
rapid identification and actionable context for malware investigations. rapid identification and actionable context for malware investigations.
* [Malshare](https://malshare.com) - Large repository of malware actively * [Malshare](https://malshare.com) - Large repository of malware actively
scrapped from malicious sites. scrapped from malicious sites.
* [MalwareDB](http://malwaredb.malekal.com/) - Malware samples repository.
* [Open Malware Project](http://openmalware.org/) - Sample information and * [Open Malware Project](http://openmalware.org/) - Sample information and
downloads. Formerly Offensive Computing. downloads. Formerly Offensive Computing.
* [Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin based malware * [Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin based malware
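Review bot: the removed MalwareDB line (`* [MalwareDB](http://malwaredb.malekal.com/) - Malware samples repository.`) is dropped without a stated reason; the commit title only says "remove". Please record in the PR description why it goes (for example, the site no longer serving samples), so a later contributor does not re-add it from an older copy of the list. Drive-by in the unchanged context of this hunk: the Malshare entry reads "actively scrapped from malicious sites", which should be "scraped".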
@ -192,12 +191,14 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
- [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io) - [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io)
- [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/) - [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/)
- [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io) - [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io)
* [SystemLookup](https://www.systemlookup.com/) - SystemLookup hosts a collection of lists that provide information on
the components of legitimate and potentially unwanted programs.
* [ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat * [ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat
intelligence, with search. intelligence, with search.
* [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000 * [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000
free per month. free per month.
* [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository. * [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. * [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
* [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS * [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS
blocklists. blocklists.
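Review bot: the new SystemLookup entry restates the name in its description ("SystemLookup hosts a collection of lists ..."), while the neighbouring entries in this list lead straight into the description after the ` - ` separator (ThreatMiner, threatRECON, Yara rules). Suggest `* [SystemLookup](https://www.systemlookup.com/) - Collection of lists describing the components of legitimate and potentially unwanted programs.`, re-wrapped at the roughly 80-column width the surrounding lines use. Placement is correct: it sits after the STIX sub-list and alphabetically before ThreatMiner.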
@ -207,7 +208,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
variety of tools for reporting on Windows PE files. variety of tools for reporting on Windows PE files.
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable * [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable
distributed file analysis framework. distributed file analysis framework.
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless * [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of AWS pipeline that scans and alerts on uploaded files based on a set of
@ -230,7 +231,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs. * [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.
* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and * [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
compare malware at a function level. compare malware at a function level.
* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE * [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables. executables.
* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis * [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
framework. framework.
@ -305,14 +306,14 @@ executables.
the configuration settings from common malwares. the configuration settings from common malwares.
* [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox * [Malwr](https://malwr.com/) - Free analysis with an online Cuckoo Sandbox
instance. instance.
* [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or * [MetaDefender Cloud](https://metadefender.opswat.com/ ) - Scan a file, hash, IP, URL or
domain address for malware for free. domain address for malware for free.
* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes * [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes
pcap files and facilitates the quick detection of viruses, worms, trojans, and all pcap files and facilitates the quick detection of viruses, worms, trojans, and all
kinds of malware using Suricata configured with EmergingThreats Pro. kinds of malware using Suricata configured with EmergingThreats Pro.
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to * [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to
collect information about malware in a sandboxed environment. collect information about malware in a sandboxed environment.
* [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within. * [PacketTotal](https://packettotal.com/) - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
* [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files. * [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files.
* [ProcDot](http://www.procdot.com) - A graphical malware analysis tool kit. * [ProcDot](http://www.procdot.com) - A graphical malware analysis tool kit.
* [Recomposer](https://github.com/secretsquirrel/recomposer) - A helper * [Recomposer](https://github.com/secretsquirrel/recomposer) - A helper
@ -361,7 +362,7 @@ executables.
accounts. accounts.
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for * [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
IP, domain and website title IP, domain and website title
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS, * [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
historical and current DNS records, similar domains, certificate information historical and current DNS records, similar domains, certificate information
and other domain and IP related API and tools. and other domain and IP related API and tools.
* [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list. * [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.
@ -453,7 +454,7 @@ the [browser malware](#browser-malware) section.*
Event Log files from raw binary data. Event Log files from raw binary data.
* [Foremost](http://foremost.sourceforge.net/) - File carving tool designed * [Foremost](http://foremost.sourceforge.net/) - File carving tool designed
by the US Air Force. by the US Air Force.
* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library * [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
to view and edit a binary stream field by field. to view and edit a binary stream field by field.
* [Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving * [Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
tool. tool.
@ -479,7 +480,7 @@ the [browser malware](#browser-malware) section.*
XOR key using frequency analysis. XOR key using frequency analysis.
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
hidden code extractor for Windows malware. hidden code extractor for Windows malware.
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
platform-independent unpacker for Windows binaries based on emulation. platform-independent unpacker for Windows binaries based on emulation.
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
unpacker for Windows malware based on WinAppDbg. unpacker for Windows malware based on WinAppDbg.
@ -517,7 +518,7 @@ the [browser malware](#browser-malware) section.*
* [codebro](https://github.com/hugsy/codebro) - Web based code browser using * [codebro](https://github.com/hugsy/codebro) - Web based code browser using
 clang to provide basic code analysis.  clang to provide basic code analysis.
* [Cutter](https://github.com/radareorg/cutter) - GUI for Radare2. * [Cutter](https://github.com/radareorg/cutter) - GUI for Radare2.
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF) * [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
- A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF. - A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF.
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler * [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler
and debugger. and debugger.
@ -549,7 +550,7 @@ the [browser malware](#browser-malware) section.*
* [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library * [LIEF](https://lief.quarkslab.com/) - LIEF provides a cross-platform library
to parse, modify and abstract ELF, PE and MachO formats. to parse, modify and abstract ELF, PE and MachO formats.
* [ltrace](http://ltrace.org/) - Dynamic analysis for Linux executables. * [ltrace](http://ltrace.org/) - Dynamic analysis for Linux executables.
* [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework * [mac-a-mal](https://github.com/phdphuc/mac-a-mal) - An automated framework
for mac malware hunting. for mac malware hunting.
* [objdump](https://en.wikipedia.org/wiki/Objdump) - Part of GNU binutils, * [objdump](https://en.wikipedia.org/wiki/Objdump) - Part of GNU binutils,
for static analysis of Linux binaries. for static analysis of Linux binaries.
@ -790,6 +791,9 @@ the [browser malware](#browser-malware) section.*
* [APT Notes](https://github.com/aptnotes/data) - A collection of papers * [APT Notes](https://github.com/aptnotes/data) - A collection of papers
and notes related to Advanced Persistent Threats. and notes related to Advanced Persistent Threats.
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
a repository that makes it easy to (re)create a machine learning model that can be used
to predict a score for a PE file based on static analysis.
* [File Formats posters](https://github.com/corkami/pics) - Nice visualization * [File Formats posters](https://github.com/corkami/pics) - Nice visualization
of commonly used file format (including PE & ELF). of commonly used file format (including PE & ELF).
* [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and * [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and
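Review bot: the three added Ember lines run to about 88 columns, while the surrounding entries (APT Notes, File Formats posters) wrap at roughly 80; re-wrap the description so it matches, e.g. break after "BEnchmark for Research," and after "machine learning model". Alphabetical position between APT Notes and File Formats posters is correct.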
@ -809,6 +813,8 @@ the [browser malware](#browser-malware) section.*
link in description. link in description.
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This * [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
blog focuses on network traffic related to malware infections. blog focuses on network traffic related to malware infections.
* [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) Firefox extension allows
you to easily search some of the most popular malware databases
* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) - * [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) -
This package contains most of the software referenced in the Practical Malware This package contains most of the software referenced in the Practical Malware
Analysis book. Analysis book.
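Review bot: the added Malware Search+++ entry is missing the ` - ` separator between the link and its description and the terminating period that every other entry in this hunk uses; it should read `* [Malware Search+++](...) - Firefox extension that searches several popular malware databases.` rather than "Firefox extension allows you to easily search some of the most popular malware databases". The URL also hard-codes the French locale path (`/fr/`) on addons.mozilla.org; prefer the locale-free `https://addons.mozilla.org/firefox/addon/malware-search-plusplusplus/` so readers are served their own language. Alphabetical placement after "Malware Samples and Traffic" is fine.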
@ -825,10 +831,6 @@ the [browser malware](#browser-malware) section.*
* [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit. * [/r/Malware](https://www.reddit.com/r/Malware) - The malware subreddit.
* [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) - * [/r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering) -
Reverse engineering subreddit, not limited to just malware. Reverse engineering subreddit, not limited to just malware.
* [Ember](https://github.com/endgameinc/ember) - Endgame Malware BEnchmark for Research,
a repository that makes it easy to (re)create a machine learning model that can be used
to predict a score for a PE file based on static analysis.
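Review bot: this removal pairs with the insertion at `+791` in the earlier hunk, so the net effect is a relocation of the Ember entry from the tail of the subreddit list, where it was out of place, into alphabetical order under the other resources; the entry text is unchanged. The visible commit title mentions only the MalwareDB removal and the SystemLookup and Malware… additions, so state the Ember move in the PR description as well.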