Category: Malware Analysis
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that...
GReAT’s KLara project. KLara is aimed at helping Threat Intelligence researchers hunt for new malware using Yara. In order to hunt efficiently for malware, one needs a large collection of samples to search over....
mquery: Yara malware query accelerator. Ever had trouble searching for particular malware samples? Our project is an analyst-friendly web GUI to look through your digital warehouse. mquery can be used to search through terabytes...
malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces (APIs). It supports submitting files or URLs for analysis, retrieving reports by hash values,...
HaboMalHunter is a sub-project of the Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on Linux systems. The tool helps security analysts extract the static and dynamic...
DRAKVUF. Introduction: DRAKVUF is a virtualization-based, agentless black-box binary analysis system. It allows for in-depth execution tracing of arbitrary binaries (including operating systems), all without having to install any special software within the virtual...
Detux: The Multiplatform Linux Sandbox. Introduction: Detux is a sandbox developed to do traffic analysis of Linux malware and capture the IOCs by doing so. The QEMU hypervisor is used to emulate Linux (Debian)...
malware-jail: a sandbox for semi-automatic JavaScript malware analysis, deobfuscation and payload extraction. malware-jail is written for Node.js and built on Node’s ‘vm’ sandbox. It currently implements a WScript (Windows Scripting Host) context in env/wscript.js, at least the part frequently used by...
MADLIRA: Malware detection using learning and information retrieval for Android. Overview: MADLIRA is a tool for Android malware detection. It consists of two components: a TF-IDF component and an SVM learning component. In general, it takes...
Zenected is a cloud-based security threat protection service. It’s delivered through a set of pre-configured services. Once a user connects to Zenected, that user’s network traffic is filtered to keep the bad things out (e.g....
Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics and intended to make identifying...
gscript: Genesis Scripting Engine. Genesis Scripting (gscript for short) is a technology I’ve developed to enable more intelligent malware stagers. Typically, stagers are pretty dumb. Most stagers are unique to the malware they deploy...
Process Hacker: a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Features: a detailed overview of system activity with highlighting. Graphs and statistics allow you to quickly...
Dorothy2: a malware/botnet analysis framework written in Ruby. Dorothy2 is a framework created for suspicious binary analysis. Its main strengths are a very flexible modular environment and an interactive investigation framework with a particular...
Limon – Sandbox for Analyzing Linux Malware. Limon is a sandbox developed as a research project, written in Python, which automatically collects, analyzes, and reports on the runtime indicators of Linux malware. It allows...