From ff00221d9e0749bc7f347d81a292a0fc3f640b84 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Thu, 9 Jun 2016 09:20:00 +0200 Subject: [PATCH 01/10] Bamfdetect added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 42d31e6..763f6ce 100644 --- a/README.md +++ b/README.md @@ -401,6 +401,8 @@ the [browser malware](#browser-malware) section.* * [angr](https://github.com/angr/angr) - Platform-agnostic binary analysis framework developed at UCSB's Seclab. +* [bamfdetect](https://github.com/bwall/bamfdetect) - Identifies and extracts + information from bots and other malware. * [BARF](https://github.com/programa-stic/barf-project) - Multiplatform, open source Binary Analysis and Reverse engineering Framework. * [binnavi](https://github.com/google/binnavi) - Binary analysis IDE for From d685c10b2940c7744603983be488e274a3258e46 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 10 Jun 2016 09:11:00 +0200 Subject: [PATCH 02/10] unpacker added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 763f6ce..1be00da 100644 --- a/README.md +++ b/README.md @@ -384,6 +384,8 @@ the [browser malware](#browser-malware) section.* XOR key using frequency analysis. * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic hidden code extractor for Windows malware. +* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware + unpacker for Windows malware based on WinAppDbg. * [unxor](https://github.com/tomchop/unxor/) - Guess XOR keys using known-plaintext attacks. * [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) - From 64545d0956f76b732933d16c20f9b316d779d97a Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sat, 11 Jun 2016 09:15:00 +0200 Subject: [PATCH 03/10] FLOSS by FireEye added --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1be00da..1e55f8f 100644 --- a/README.md +++ b/README.md 
@@ -380,6 +380,9 @@ the [browser malware](#browser-malware) section.* & [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) - Two tools from Alexander Hanel for working with single-byte XOR encoded files. +* [FLOSS](https://github.com/fireeye/flare-floss) - The FireEye Labs Obfuscated + String Solver uses advanced static analysis techniques to automatically + deobfuscate strings from malware binaries. * [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte XOR key using frequency analysis. * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic From d524a658433a0672eadb8b9570565255ae319b9a Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sun, 12 Jun 2016 09:45:00 +0200 Subject: [PATCH 04/10] QuickSand added --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1e55f8f..d8ae902 100644 --- a/README.md +++ b/README.md @@ -350,6 +350,9 @@ the [browser malware](#browser-malware) section.* the backend-free version of PDF X-RAY. * [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python tool for exploring possibly malicious PDFs. +* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework + to analyze suspected malware documents to identify exploits in streams of different + encodings and to locate and extract embedded executables. * [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) - Mozilla's JavaScript engine, for debugging malicious JS. From 2ec762c17b2cec54b515f34bf8731bb51143ea02 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 13 Jun 2016 09:10:00 +0200 Subject: [PATCH 05/10] Binar.ly added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d8ae902..8af8d1a 100644 --- a/README.md +++ b/README.md 
@@ -564,6 +564,8 @@ the [browser malware](#browser-malware) section.* ## Miscellaneous +* [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus + of malware. * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) - The Defense Cyber Crime Center's Malware Configuration Parser framework. * [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration From 8052b0269abbe7ec7723c7b65e49d41d162ed6e9 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 14 Jun 2016 08:50:00 +0200 Subject: [PATCH 06/10] NetworkTotal added --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8af8d1a..7ef490e 100644 --- a/README.md +++ b/README.md @@ -247,6 +247,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by analysis of malware. * [Metadefender.com](https://www.metadefender.com) - Scan a file, hash or IP address for malware (free) +* [NetworkTotal](https://www.networktotal.com/index.html) - A service that analyzes + pcap files and facilitates the quick detection of viruses, worms, trojans, and all + kinds of malware using Suricata configured with EmergingThreats Pro. * [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment. * [PDF Examiner](http://www.pdfexaminer.com/) - Analyse suspicious PDF files. From 1c73c77423a29c43f827bf0cae4c9fef0cbf3ce0 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 15 Jun 2016 08:31:00 +0200 Subject: [PATCH 07/10] detux added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7ef490e..4dea2ac 100644 --- a/README.md +++ b/README.md 
@@ -229,6 +229,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by legal concerns by the author. * [DeepViz](https://www.deepviz.com/) - Multi-format file analyzer with machine-learning classification. +* [detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do traffic analysis + of Linux malwares and capturing IOCs. * [Document Analyzer](https://www.document-analyzer.net/) - Free dynamic analysis of DOC and PDF files. * [DRAKVUF](https://github.com/tklengyel/drakvuf) - Dynamic malware analysis system. From 6085d2cf2aca1b2fba6d5d221ef4f551c14fa4d8 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Thu, 16 Jun 2016 08:13:00 +0200 Subject: [PATCH 08/10] MalSploitBase added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dea2ac..0979a2b 100644 --- a/README.md +++ b/README.md @@ -573,6 +573,8 @@ the [browser malware](#browser-malware) section.* of malware. * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) - The Defense Cyber Crime Center's Malware Configuration Parser framework. +* [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database + containing exploits used by malware. * [Pafish](https://github.com/a0rtega/pafish) - Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. From 12e981c66f098c667e3c005129f9827579d34868 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 17 Jun 2016 08:54:00 +0200 Subject: [PATCH 09/10] al-khaser added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0979a2b..8a66845 100644 --- a/README.md +++ b/README.md 
@@ -569,6 +569,8 @@ the [browser malware](#browser-malware) section.* ## Miscellaneous +* [al-khaser](https://github.com/LordNoteworthy/al-khaser) - A PoC malware + with good intentions that aimes to stress anti-malware systems. * [Binarly](http://binar.ly/) - Search engine for bytes in a large corpus of malware. * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) - From 2def03d0b73336741b66ee48022391309ba8f4ee Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sat, 18 Jun 2016 08:24:00 +0200 Subject: [PATCH 10/10] Polichombr added --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8a66845..e0152ed 100644 --- a/README.md +++ b/README.md @@ -564,6 +564,8 @@ the [browser malware](#browser-malware) section.* malware and threat repository. * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and search malware. +* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis + platform designed to help analysts to reverse malwares collaboratively. * [Viper](http://viper.li/) - A binary management and analysis framework for analysts and researchers.
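Review bot: wording in the FLOSS entry of patch 03/10 is promotional ("advanced static analysis techniques"), which the neighbouring entries avoid; suggest `The FireEye Labs Obfuscated String Solver uses static analysis to automatically deobfuscate strings from malware binaries.`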
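Review bot: the QuickSand entry of patch 04/10 repeats the tool name after the link ("QuickSand is a compact C framework"), unlike the adjacent peepdf and Spidermonkey entries, and its second added line runs past the wrap width of the surrounding lines; suggest starting the description directly, e.g. `- Compact C framework to analyze suspected malware documents, identify exploits in streams of different encodings, and locate and extract embedded executables.`, rewrapped to match.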
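Review bot: the NetworkTotal description in patch 06/10 is wordier than the neighbouring Metadefender.com and Noriben entries and its second line exceeds the surrounding wrap width; suggest `- Analyzes pcap files to detect viruses, worms, trojans and other malware using Suricata configured with EmergingThreats Pro.`, rewrapped to match.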
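Review bot: grammar in the detux entry of patch 07/10: "malwares" is not a standard plural and "developed to do traffic analysis ... and capturing IOCs" is not parallel; suggest `- A sandbox developed to do traffic analysis of Linux malware and capture IOCs.` The first added line is also noticeably longer than the wrap width used by the surrounding entries.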
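Review bot: typo in the al-khaser entry of patch 09/10: "aimes" should be "aims"; suggest `with good intentions that aims to stress anti-malware systems.`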
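Review bot: grammar in the Polichombr entry of patch 10/10: "reverse malwares" should be "reverse malware" (mass noun), and "to help analysts to reverse" reads better as "to help analysts reverse"; suggest `platform designed to help analysts reverse malware collaboratively.`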