Malware
Explore 62 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.
Cloudflare Cloud Email Security is a cloud-based email protection service that safeguards organizations against phishing, malware, spam, and other email-borne threats through integrated threat detection and prevention capabilities.
Cloudflare Cloud Email Security is a cloud-based email protection service that safeguards organizations against phishing, malware, spam, and other email-borne threats through integrated threat detection and prevention capabilities.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
An AI-powered email security platform that provides multi-layered protection against phishing, malware, and other email-based threats through various deployment options.
An AI-powered email security platform that provides multi-layered protection against phishing, malware, and other email-based threats through various deployment options.
A GitHub repository for fuzzing and testing file formats
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
Collection of cybersecurity conference videos recorded by Cooper (@Ministraitor)
Collection of cybersecurity conference videos recorded by Cooper (@Ministraitor)
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
A repository of YARA rules for identifying and classifying malware through pattern-based detection.
A repository of YARA rules for identifying and classifying malware through pattern-based detection.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
Open-source initiative providing malicious and benign datasets to expedite data analysis and threat research.
Open-source initiative providing malicious and benign datasets to expedite data analysis and threat research.
Largest open collection of Android malware samples, with 298 samples and contributions welcome.
Largest open collection of Android malware samples, with 298 samples and contributions welcome.
A simple framework for extracting actionable data from Android malware
A simple framework for extracting actionable data from Android malware
Advanced Endpoint Protection is a complete endpoint protection platform that provides advanced threat protection against ransomware, data breaches, and malware.
Advanced Endpoint Protection is a complete endpoint protection platform that provides advanced threat protection against ransomware, data breaches, and malware.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
Explores malware interaction with Windows API and methods for detection and prevention.
Explores malware interaction with Windows API and methods for detection and prevention.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
Identifies 137 malicious npm packages and gathers system information to a remote server.
Identifies 137 malicious npm packages and gathers system information to a remote server.
A collection of public YARA signatures for various malware families.
A collection of public YARA signatures for various malware families.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
Automatic YARA rule generator based on Koodous reports with limited false positives.
Automatic YARA rule generator based on Koodous reports with limited false positives.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
Collection of YARA signatures from recent malware research.
Collection of YARA signatures from recent malware research.
Platform for uploading, searching, and downloading malware samples.
A collection of APT and cybercriminals campaigns with various resources and references.
A collection of APT and cybercriminals campaigns with various resources and references.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
Tool for fingerprinting malware HTTP requests.
FTP Honeypot tool with FTP + SSL-FTP features, used for catching credentials and malware files, distributing honeytoken files, and generating SSL certificates.
Repository of APT-related documents and notes sorted by year.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A modular malware collection and processing framework with support for various threat intelligence feeds.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.
A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.
A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
In-depth analysis of real-world attacks and threat tactics
In-depth analysis of real-world attacks and threat tactics
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
npm security team foils plot to steal $13 million in cryptocurrency
npm security team foils plot to steal $13 million in cryptocurrency
A minimal, consistent API for building integrations with malware sandboxes
A minimal, consistent API for building integrations with malware sandboxes
A sandbox for quickly sandboxing known or unknown families of Android Malware
A sandbox for quickly sandboxing known or unknown families of Android Malware
Malware allows attackers to execute Windows commands from a remote environment
Malware allows attackers to execute Windows commands from a remote environment
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Repository of YARA rules for Trellix ATR blogposts and investigations
Repository of YARA rules for Trellix ATR blogposts and investigations
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
Studying Android malware behaviors through Information Flow monitoring techniques.
Studying Android malware behaviors through Information Flow monitoring techniques.
