diff --git a/README.md b/README.md index 42d31e6..e0152ed 100644 --- a/README.md +++ b/README.md @@ -229,6 +229,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by legal concerns by the author. * [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with machine-learning classification. +* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis + of Linux malwares and capturing IOCs. * [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files. * [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis system. @@ -247,6 +249,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by analysis of malware. * [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP address for malware (free) +* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes + pcap files and facilitates the quick detection of viruses, worms, trojans, and all + kinds of malware using Suricata configured with EmergingThreats Pro. * [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment. * [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files. @@ -350,6 +355,9 @@ the [browser malware](#browser-malware) section.* the backend-free version of PDF X-RAY. * [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python tool for exploring possibly malicious PDFs. +* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework + to analyze suspected malware documents to identify exploits in streams of different + encodings and to locate and extract embedded executables. * [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) - Mozilla's JavaScript engine, for debugging malicious JS. 
@@ -380,10 +388,15 @@ the [browser malware](#browser-malware) section.* & [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) - Two tools from Alexander Hanel for working with single-byte XOR encoded files. +* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated + String Solver uses advanced static analysis techniques to automatically + deobfuscate strings from malware binaries. * [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte XOR key using frequency analysis. * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic hidden code extractor for Windows malware. +* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware + unpacker for Windows malware based on WinAppDbg. * [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using known-plaintext attacks. * [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) - @@ -401,6 +414,8 @@ the [browser malware](#browser-malware) section.* * [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis framework developed at UCSB's Seclab. +* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts + information from bots and other malware. * [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open source Binary Analysis and Reverse engineering Framework. * [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for 
@@ -549,13 +564,21 @@ the [browser malware](#browser-malware) section.* malware and threat repository. * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and search malware. +* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis + platform designed to help analysts to reverse malwares collaboratively. * [Viper](http://viper.li/) - A binary management and analysis framework for analysts and researchers. ## Miscellaneous +* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware + with good intentions that aimes to stress anti-malware systems. +* [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus + of malware. * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) - The Defense Cyber Crime Center's Malware Configuration Parser framework. +* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database + containing exploits used by malware. * [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
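Review bot: In the @@ -229 hunk, the detux description has a grammar slip: "malware" is uncountable and the two verbs do not agree, so "A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs." should read "A sandbox for traffic analysis of Linux malware and capturing IOCs." (or "… to do traffic analysis of Linux malware and capture IOCs.").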
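Review bot: In the @@ -247 hunk, the NetworkTotal link carries a trailing "/index.html" that none of the neighbouring entries use; linking the site root (https://www.networktotal.com/) keeps the list consistent and is less likely to break if the landing page is renamed. The three-line description could also be tightened to one clause, e.g. "Analyzes pcap files for malware using Suricata configured with EmergingThreats Pro."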
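Review bot: In the @@ -350 hunk, the QuickSand entry repeats the tool name inside its own description ("QuickSand - QuickSand is a compact C framework …"), which no other entry in this section does; drop the leading "QuickSand is a" so the line reads "* [QuickSand](https://www.quicksand.io/) - Compact C framework to analyze suspected malware documents, identify exploits in streams of different encodings, and locate and extract embedded executables."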
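Review bot: In the @@ -549 hunk there is a typo in the al-khaser entry, "aimes" should be "aims", and the Polichombr description has the same uncountable-noun issue as the detux entry ("reverse malwares collaboratively" should be "reverse malware collaboratively"). Both are one-word fixes before merge.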