Malware Detection

APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.

A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.

Scan files with Yara, match findings to VirusTotal comments.

A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.

Yara Based Detection for web browsers

Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.

A tool for dynamic analysis of mobile applications in a controlled environment.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.

Collection of Yara rules for file identification and classification

A honeypot agent for running honeypots with service and data at threatwar.com.

Malware sandbox for executing malicious files in an isolated environment with advanced features.

Platform for uploading, searching, and downloading malware samples.

A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.

A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.

A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.

Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.

SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.

YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.

NotRuler is a tool for Exchange Admins to detect client-side Outlook rules and VBScript enabled forms, aiding in the detection of attacks created through Ruler.

Open-source rules for detecting and preventing email attacks like BEC, malware, and credential phishing.

A collection of Yara rules licensed under the DRL 1.1 License.

A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.