Malware Analysis

An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

A javascript malware analysis tool with backend code execution.

A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.

Leading open source automated malware analysis system.

Educational resources for reverse engineering tutorials by lena151.

A multithreaded YARA scanner for incident response or malware zoos.

A collaborative malware analysis framework with various features for automated analysis tasks.

Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.

Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.

Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.

FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.

An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

Binary analysis and management framework for organizing malware and exploit samples.

Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.

Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.

A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.

yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.

PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.

A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.

Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.

Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.