Malware Souk
A collaborative malware exchange repository.
Table of contents

- Table of contents
- Introduction
- Installation
- Browsing the collection
  - By Family
  - By File Format
  - By Platform
  - By Category
- Contributing
Introduction

Malware Souk aims to be:

- An entry point for malware analysts and reverse engineers who need access to a wide variety of samples.
- A source for machine learning engineers who need a curated database of malware families.
- A taxonomy of malware families. For each family it records:
  - The malware family name.
  - A short history of the family, its variants and similar files.
  - Indicators of Compromise (IOCs).
  - Tactics, Techniques and Procedures (TTPs).
  - Unpacked binary code.
  - Links to saferwall scan reports that contain detailed static and dynamic analysis.
- A place to exchange malware knowledge collaboratively.
An example of a family entry would look like this:

- Gamarue
  - Aliases: Andromeda
  - First appearance: 2011
  - Static scan dump: file parser output, strings, hashes, ...
  - Scan reports:
    - https://saferwall.com/scan/dynamic/variant-1-xxxx
    - https://saferwall.com/scan/static/variant-2-xxxx
  - Known behavior and TTPs:
    - Creates registry key "xxxxxxxx"
    - Injects into process "xxxxxxx"
  - Reference links:
    - Blog posts / whitepapers.
Installation

Start by cloning the repository:

```sh
git clone https://github.com/saferwall/malware-research.git
```

The sample binaries are stored with Git LFS, so you need to have git-lfs installed and set up before cloning. Without it, the checkout contains only small LFS pointer files in place of the actual samples.
Browsing the collection

For convenience, the collection can be browsed by family, by file format, by platform or by category.
By Family
- Family
By File Format
- Bash
- ELF
- Java
- JS
- Mach-O
- MSIL
- O97M
- PE
- PS1
- Python
- VBA
By Platform
- Android
- DOS
- Linux
- OSX
- Win32
By Category
- Adware
- APT
- Exploit
- HackTool
- PUA
- PWS
- Ransom
- Rootkit
- Trojan
- Virus
- Worm
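Two things go wrong in practice with a tree organised like the one above: a sample gets filed under the wrong format folder, and a checkout made without git-lfs leaves pointer stubs where the binaries should be. The script below is an added example (it is not part of the malware-research project) that catches both. It assumes, hypothetically, a layout of `<root>/<FileFormat>/<family>/<sample>` using the By File Format labels as folder names, identifies each file by its magic bytes (PE vs MSIL via the CLR data directory, Mach-O fat binaries vs Java class files via the shared `CAFEBABE` magic, OLE2 for O97M, shebangs for scripts), hashes it, and flags unfetched LFS pointers and misfiled samples. All sample bytes in `CONSTRUCTED_TREE` are made up header fragments, not real malware.

```python
"""Check that samples sit in the right By File Format folder and have actually been fetched.

Added example, not code from the saferwall/malware-research project. It assumes a
(hypothetical) layout of <root>/<FileFormat>/<family>/<sample>; adjust scan_tree()
if the real tree differs. Every byte string in CONSTRUCTED_TREE is constructed.
"""
import hashlib
import struct
import tempfile
from pathlib import Path

# A git-lfs pointer file (sample not yet pulled) starts with this line.
LFS_POINTER_PREFIX = b"version https://git-lfs.github.com/spec/v1"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACHO_THIN_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}


def identify(data: bytes) -> str:
    """Return a By File Format label, 'DOS' for an MZ file with no PE header,
    'LFS-pointer' for an unfetched git-lfs stub, or 'Unknown'. Text formats (JS,
    PS1, VBA, Python) have no magic bytes; only shebang scripts are recognised."""
    if data.startswith(LFS_POINTER_PREFIX):
        return "LFS-pointer"
    if data.startswith(b"MZ"):
        return _classify_mz(data)
    if data.startswith(b"\x7fELF"):
        return "ELF"
    if data[:4] in MACHO_THIN_MAGICS:
        return "Mach-O"
    if data.startswith(b"\xca\xfe\xba\xbe") and len(data) >= 8:
        # Java class files and Mach-O fat binaries share this magic. Bytes 4..8 hold
        # either the fat architecture count (a small number) or the class minor+major
        # version, whose major part is >= 45 (0x2D) for any real class file.
        return "Mach-O" if struct.unpack(">I", data[4:8])[0] < 0x2D else "Java"
    if data.startswith(OLE2_MAGIC):
        return "O97M"  # OLE2 compound file, i.e. a legacy Office document
    if data.startswith(b"#!"):
        interpreter = data.split(b"\n", 1)[0]
        if b"python" in interpreter:
            return "Python"
        if b"node" in interpreter:
            return "JS"
        return "Bash"
    return "Unknown"


def _classify_mz(data: bytes) -> str:
    """Split MZ files into DOS, native PE and MSIL by walking the PE headers."""
    if len(data) < 0x40:
        return "DOS"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "DOS"  # no PE signature: plain DOS executable (or a damaged header)
    opt = e_lfanew + 4 + 20  # signature + COFF file header
    if len(data) < opt + 2:
        return "PE"
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        return "PE"
    # Data directories follow the fixed optional header: 96 bytes (PE32) or 112 (PE32+).
    dirs = opt + (96 if magic == 0x10B else 112)
    if len(data) < dirs + 15 * 8:
        return "PE"
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
    clr_rva = struct.unpack_from("<I", data, dirs + 14 * 8)[0]  # COM_DESCRIPTOR (CLR header)
    return "MSIL" if num_dirs > 14 and clr_rva else "PE"


def scan_tree(root: Path) -> list[dict]:
    """Hash every file and compare its detected format with the folder it was filed under."""
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = path.relative_to(root)
        detected = identify(data)
        rows.append({
            "path": rel.as_posix(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "format": detected,
            "fetched": detected != "LFS-pointer",
            "misfiled": detected not in ("LFS-pointer", rel.parts[0]),  # assumed: first folder = format
        })
    return rows


def _fake_pe(msil: bool) -> bytes:
    """Constructed PE32 headers (not loadable) with the CLR directory set when msil=True."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # ... NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    if msil:
        dirs[14] = (0x2008, 0x48)  # CLR runtime header RVA/size
    return dos + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)


# Constructed stand-in for a tiny checkout; nothing here is a real sample.
CONSTRUCTED_TREE = {
    "PE/gamarue/variant-1.exe": _fake_pe(msil=False),
    "PE/gamarue/variant-2.exe": LFS_POINTER_PREFIX + b"\noid sha256:" + b"0" * 64 + b"\nsize 1\n",
    "MSIL/family-a/dropper.exe": _fake_pe(msil=True),
    "ELF/family-b/bot": b"\x7fELF\x02\x01\x01" + b"\0" * 57,
    "Java/family-c/Loader.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    "Mach-O/family-d/agent": b"\xca\xfe\xba\xbe\x00\x00\x00\x02",
    "O97M/family-e/invoice.doc": OLE2_MAGIC + b"\0" * 24,
    "Bash/family-f/install.sh": b"#!/bin/sh\necho constructed\n",
    "PE/family-g/misfiled.exe": b"#!/usr/bin/env python3\nimport os\n",  # script filed under PE
}


def demo() -> dict[str, dict]:
    """Write the constructed tree to a temp dir, scan it and return rows keyed by path."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in CONSTRUCTED_TREE.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        return {row["path"]: row for row in scan_tree(root)}


if __name__ == "__main__":
    for path, row in demo().items():
        flags = ("" if row["fetched"] else " NOT FETCHED") + (" MISFILED" if row["misfiled"] else "")
        print(f"{row['sha256'][:16]}  {row['format']:<12} {path}{flags}")
```

Run it against a real checkout by replacing `demo()` with `scan_tree(Path("malware-research"))`; a row with `fetched` false means the LFS object was never pulled, and a `misfiled` row is worth a look before it is cited in a family entry. The CLR-directory check is what separates MSIL from native PE, since both start with `MZ`.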
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.