Malware Souk

A collaborative malware exchange repository.

Table of contents

  • malware-research
    • Table of contents
    • Introduction
    • Installation
    • Browsing the collection
      • By Family
      • By File Format
      • By Platform
      • By Category
    • Contributing

Introduction

  • An entry point for malware analysts and reverse engineers to access a wide variety of samples.
  • A source for machine learning engineers who need a curated database of malware families.
  • A taxonomy of malware families, covering for each family:
    • Malware family name.
    • Short history of the family, its variants and similar files.
    • Indicators of Compromise (IOCs).
    • Tactics, Techniques and Procedures (TTPs).
    • Unpacked binary code.
    • Links to saferwall scan reports that contain detailed static and dynamic analysis.
  • Collaborative exchange of malware knowledge.

An example of a family taxonomy entry would look something like this:


* Gamarue
* Aliases: Andromeda
* First appearance: 2011
* Static scan dump: file parser, strings, hashes, ...
* Dynamic scan reports:
  * https://saferwall.com/scan/dynamic/variant-1-xxxx
  * https://saferwall.com/scan/static/variant-2-xxxx
* Known behavior and TTPs:
  * Creates registry key "xxxxxxxx"
  * Injects into process "xxxxxxx"
* Reference links:
  * Blog/whitepaper.

Installation

Start by cloning the repository:

git clone https://github.com/saferwall/malware-research.git

To download the binaries, you need to have git-lfs installed.

Browsing the collection

For your convenience, you can browse this library by different means.

By Family

  • Family

By File Format

  • Bash
  • ELF
  • Java
  • JS
  • Mach-O
  • MSIL
  • O97M
  • PE
  • PS1
  • Python
  • VBA

By Platform

  • Android
  • DOS
  • Linux
  • OSX
  • Win32

By Category

  • Adware
  • APT
  • Exploit
  • HackTool
  • PUA
  • PWS
  • Ransom
  • Rootkit
  • Trojan
  • Virus
  • Worm

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.