Malware

Malware copied to clipboard

Malware found in the wild

• EICAR test file

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Downloading can be done with proxychains and tor. Downloading multiple files can be done like this:

• on MacOS:

#!/bin/bash
#collect IPs from logs and put them in a matrix
virusMatrix=(
  1.94.127.91:51527/Mozi.a
  42.224.2.177:56263/Mozi.a
  42.230.87.202:33296/Mozi.m
  58.249.22.48:46809/Mozi.m
  59.94.195.181:46026/Mozi.a
  61.3.155.131:43576/Mozi.a
)
for url in "${virusMatrix[@]}"
  do
    :
    proxychains4 wget $url
done

Some resources

• Aurora - Malware similarity platform with modularity in mind.
• DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices.
• DomainClassifier - DomainClassifier is a Python (2/3) library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their DNS existence, localization or attributes.
• Findmal - A tool to find/download malware samples from various public repositories.
• MalwareClassifier - Malware Classifier From Network Captures.
• Malware-analysis-and-Reverse-engineering - "Some of my publicly available Malware analysis and Reverse engineering."
• MWDB Feeds - A Modular MWDB Utility to Collect Fresh Malware Samples.
• Snake - Snake is a malware storage zoo that was built out of the need for a centralised and unified storage solution for malicious samples that could seamlessly integrate into the investigation pipeline.
• Unit42's Playbook
• WMIPersistence.vbs

Malware

• Android Malware - GitHub repository of Android malware samples.
• Bediger4000's PHP Malware Analysis repo - Deobfuscation and analysis of PHP malware captured by a WordPress honey pot.
• Contagio Mobile – Mobile malware mini dump.
• DasMalwarek
• Endermanch MalwareDatabase - This repository is one of a few malware collections on the GitHub.
• Fabrimagic72 malware-samples - A collection of malware samples caught by several honeypots i manage
• Gr33ntii malware-collection - Author x0lzs3c
• HynekPetrak javascript-malware-collection - Collection of almost 40.000 javascript malware samples.
• InQuest malware-samples - A collection of malware samples and relevant dissection information, most probably referenced from https://blog.inquest.net
• Javascript Malware Collection - Collection of almost 40.000 javascript malware samples
• Malshare.com
• Malware4edu - Malware Samples that could be used for teaching students about malware analysis.
• Malware by abshkd - This is a collection of known malware and threats found on various Linux/web servers. Also find known ways to detect.
• malware-samples by Cerbersec - Malware samples pulled from my Cowrie honeypot
• Malware by theevilbit - Various malware RE stuff.
• Malware by RamadhanAmizudin - Malware Samples. Uploaded to GitHub for those want to analyse the code. Code mostly from: http://www.malwaretech.com.
• Malwares code by futex - Example of malicious codes for educational purpose, don't make shit with that.
• malwares-collection by petikvx - Collection of Virii - Worms - Trojan.
• Malware Samples by darrenmartyn
• Malware Samples by jstrosch - Malware samples, analysis exercises and other interesting resources.
• Malware Samples by Malware-Feed
• MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
• MalwareWorld.com - Check for Suspicious Domains and IPs.
• Malware World by Carlospolop - System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts.
• My-malware-collection by stinky-fox - "!!!WARNING!!!! Anything provided here is a real and potentially dangerous malware! Must be used with caution and only in the sandbox environment."
• Nikicat web-malware-collection
• Objective See Collection - macOS malware samples.
• OfficeMalwares - Sources Codes of many Office Malwares
• Packet Total – PCAP based malware sources.
• Penetrum Malware Zoo - A collection of malware that we use for testing and training.
• PracticalMalwareAnalysis-Labs - Binaries for the book Practical Malware Analysis.
• Shellntel's Dragon Backdoor repo - dragon.c: a sniffing, non binding, reverse down/exec, portknocking service * Based on cd00r.c by [email protected] and helldoor.c by [email protected].
• TakeDefense
• URLhaus – Online and real-world malware campaign samples.
• VirusShare.com
• Vxunderground MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages. www.vx-underground.org
• vx - Virus Exchange - Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposed.
• Ytisf theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public. thezoo.morirt.com
• VIRUS-HUB - 病毒库、样本中心.
• VirusSamples by JPaulMora - Warning: These are REAL, EVIL executables.. download at your own risk, submit your own.

MacOS

• objective-see.com/malware

Windows

• moneta - Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs.