Malware Detection

Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.

A powerful tool for detecting and identifying malware using a rule-based system.

A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.

Collection of malware persistence information and techniques

A collection of YARA rules for public use, built from intelligence profiles and file work.

GCTI's open-source detection signatures for malware and threat detection

YARA rules for ProcFilter to detect malware and threats

VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.

ClamAV is an open-source antivirus engine that detects trojans, viruses, malware, and other malicious threats.

An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.

Malscan is a tool to scan process memory for YARA matches and execute Python scripts.

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.

A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.

An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.

BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.

A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.

Detects and handles potential malware in Microsoft Exchange 2019 messages with various techniques and third-party libraries.

Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.