Project Icewater Logo

Project Icewater

0
Free
Visit Website

This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat. This is my attempt to publish signatures as numbers. Since I find the naming of threats to be confusing and misleading I am attempting to locate threats in a phase-space so that their relationships can be measured, visualized and scientifically described. Each YARA signature in this archive is organized by a prefix and a 64 bit integer. The prefix is an index into file size and file type while the suffix is a 64 bit coordinate in a multi dimensional hyper space. Within a prefix, edit distance may be used to understand how two clusters relate to each other. The Starting Problem The basis of this research and this contribution to internet security is the idea of the Starting Problem which derives itself from Turing complete machines halting problem documented by Allen Turing in 1936. The staring problem I am defining thus: Knowing if a program should be allowed to run without running the program. My solution is to run about 4% of programs and by running them infer if the other 96% should be allowed to run. Icewater is the

FEATURES

ALTERNATIVES

FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

Microservice for scanning files with Yara

Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.

Code to prevent a managed .NET debugger/profiler from working.

Scans running processes for potentially malicious implants and dumps them.

A tool for reverse engineering Android apk files.

Fernflower is an analytical decompiler for Java with command-line options and support for external classes.

Platform for uploading, searching, and downloading malware samples.