An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with malware-research

A curated list of projects in awesome lists tagged with malware-research.

https://github.com/vxunderground/malwaresourcecode

Collection of malware source code for a variety of platforms in an array of different programming languages.

malware malware-detection malware-development malware-research

Last synced: 14 May 2025

https://github.com/vxunderground/MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

malware malware-detection malware-development malware-research

Last synced: 18 Mar 2025

https://github.com/ytisf/thezoo

A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make malware analysis open and available to the public.

malware malware-analysis malware-research malware-samples malwareanalysis thezoo

Last synced: 14 May 2025

https://github.com/ytisf/theZoo

A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make malware analysis open and available to the public.

malware malware-analysis malware-research malware-samples malwareanalysis thezoo

Last synced: 24 Mar 2025

https://github.com/bee-san/pywhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

cyber cybersecurity hacking hacktoberfest malware malware-analysis malware-research pcap python re security tryhackme

Last synced: 13 May 2025

https://github.com/bee-san/pyWhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

cyber cybersecurity hacking hacktoberfest malware malware-analysis malware-research pcap python re security tryhackme

Last synced: 17 Mar 2025

https://github.com/a0rtega/pafish

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.

analysis-environments malware malware-analysis malware-families malware-research rdtsc reverse-engineering sandbox virtual-machine

Last synced: 10 Apr 2025

https://github.com/rednaga/apkid

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

android android-protect-apps android-protection antivirus appshielding machine-learning malware-analysis malware-detection malware-research obfuscation packers rasp yara yara-forensics

Last synced: 13 May 2025

https://github.com/rednaga/APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

android android-protect-apps android-protection antivirus appshielding machine-learning malware-analysis malware-detection malware-research packers rasp yara yara-forensics

Last synced: 21 Nov 2024

https://github.com/hasherezade/malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

malware-analysis malware-research windows-malware-analysis

Last synced: 15 May 2025

https://github.com/neo23x0/yargen

yarGen is a generator for YARA rules

malware malware-analysis malware-research malwareanalysis python yara

Last synced: 15 May 2025

https://github.com/Neo23x0/yarGen

yarGen is a generator for YARA rules

malware malware-analysis malware-research malwareanalysis python yara

Last synced: 05 May 2025

https://github.com/phishing-database/phishing.database

Phishing domains, URLs, websites and threats database. We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats revealing how many unique domains used for phishing are still active.

domains malware malware-research phishing phishing-attacks phishing-domains phishing-reports phishing-servers phishing-sites statistics stats validity

Last synced: 14 May 2025

https://github.com/mitchellkrogza/phishing.database

Phishing domains, URLs, websites and threats database. We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats revealing how many unique domains used for phishing are still active.

domains malware malware-research phishing phishing-attacks phishing-domains phishing-reports phishing-servers phishing-sites statistics stats validity

Last synced: 13 Dec 2024

https://github.com/CERT-Polska/drakvuf-sandbox

DRAKVUF Sandbox - automated hypervisor-level malware analysis system

malware malware-analysis malware-research reverse-engineering sandbox

Last synced: 20 Apr 2025

https://github.com/gosecure/malboxes

Builds malware analysis Windows VMs so that you don't have to.

hacktoberfest malware-analysis malware-research packer python3 vagrant virtual-machine

Last synced: 16 May 2025

https://github.com/GoSecure/malboxes

Builds malware analysis Windows VMs so that you don't have to.

hacktoberfest malware-analysis malware-research packer python3 vagrant virtual-machine

Last synced: 27 Nov 2024

https://github.com/d35ha/callobfuscator

Obfuscate specific Windows APIs with different APIs.

c-plus-plus malware-research windows-api

Last synced: 04 Apr 2025

https://github.com/inquest/malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

malware malware-analysis malware-research malware-samples

Last synced: 13 May 2025

https://github.com/InQuest/malware-samples

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

malware malware-analysis malware-research malware-samples

Last synced: 14 Apr 2025

https://github.com/7etsuo/windows-api-function-cheatsheets

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

cheatsheet malware-analysis malware-research reverse-engineering syscalls systems-programming win32-api windows windows-10 windows-11 windows-api windows-internals

Last synced: 21 Jan 2025

https://github.com/mrexodia/dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

cross-platform debugging-tools easy-to-use emulator hacktoberfest malware malware-analysis malware-analyzer malware-research minidump python python3 reverse-engineering sandbox unicorn unpacking windows windows-internals x64

Last synced: 15 May 2025

https://github.com/HynekPetrak/javascript-malware-collection

Collection of almost 40,000 JavaScript malware samples.

javascript malware-jail malware-research malware-samples

Last synced: 12 Mar 2025

https://github.com/hynekpetrak/javascript-malware-collection

Collection of almost 40,000 JavaScript malware samples.

javascript malware-jail malware-research malware-samples

Last synced: 13 May 2025

https://github.com/0x27/linux.mirai

Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

botnet ioc ioc-development iot leak linux malware malware-analysis malware-development malware-research mirai mirai-source

Last synced: 11 May 2025

https://github.com/calebfenton/dex-oracle

A pattern-based Dalvik deobfuscator that uses limited execution to improve semantic analysis.

android android-malware dalvik deobfuscation deobfuscator dex malware malware-analysis malware-analyzer malware-research reverse-engineer-apk reverse-engineering

Last synced: 16 May 2025

https://github.com/CalebFenton/dex-oracle

A pattern-based Dalvik deobfuscator that uses limited execution to improve semantic analysis.

android android-malware dalvik deobfuscation deobfuscator dex malware malware-analysis malware-analyzer malware-research reverse-engineer-apk reverse-engineering

Last synced: 13 Mar 2025

https://github.com/HynekPetrak/malware-jail

Sandbox for semi-automatic JavaScript malware analysis, deobfuscation and payload extraction. Written for Node.js.

analysis angler deobfuscation javascript malware-analysis malware-analyzer malware-jail malware-research malware-samples payload payload-extraction wscript

Last synced: 13 May 2025

https://github.com/eset/malware-research

Code written as part of our various malware investigations

malware-analysis malware-research python

Last synced: 15 May 2025

https://github.com/CERT-Polska/karton

Distributed malware processing framework based on Python, Redis and S3.

cert csirt cybersecurity karton malware-analysis malware-research pipeline

Last synced: 20 Apr 2025

https://github.com/SitinCloud/Owlyshield

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

antivirus behavior-analysis command-and-control cybersecurity edr exfiltration impact machine-learning malware malware-analysis malware-research ransomware threat-hunting

Last synced: 24 Nov 2024

https://github.com/desktopecho/t95-h616-malware

"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes

android malware-research pi-hole

Last synced: 07 Apr 2025

https://github.com/navytitanium/fake-sandbox-artifacts

This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malware that looks for VMs or analysis tools.

anti-analysis anti-emulation anti-sandbox anti-vm antivmdetection deception-defense malware-research sandbox-detection

Last synced: 07 Apr 2025

https://github.com/d35ha/xobf

Simple x86/x86_64 instruction level obfuscator based on a basic SBI engine

malware-research self-modifying-code static-binary-instrumentation

Last synced: 09 Apr 2025

https://github.com/sapphirex00/Threat-Hunting

Personal compilation of APT malware from whitepaper releases, documents and own research

collection malware malware-analysis malware-detection malware-research threat-hunting threat-intelligence threat-modeling threat-sharing yara-rules

Last synced: 31 Mar 2025

https://github.com/prodaft/malware-ioc

This repository contains indicators of compromise (IOCs) of our various investigations.

apt cybersecurity ioc malware malware-detection malware-research ransomware threat-hunting threat-intelligence threatintel threatintelligence ttp

Last synced: 10 Apr 2025

https://github.com/botherder/androidqf

androidqf (Android Quick Forensics) helps quickly gather forensic evidence from Android devices in order to identify potential traces of compromise.

android forensics malware-research security

Last synced: 21 Nov 2024

https://github.com/lawndoc/jaws

Jaws is an invisible programming language! Inject invisible code into other languages and files! Created for security research -- see blog post

c-programming compiler flex-bison interpreted-programming-language interpreter malware-research polyglot programming-language security-research virtual-machine

Last synced: 07 May 2025

https://github.com/cocomelonc/meow

Cybersecurity research results. Simple C/C++ and Python implementations.

cryptography cybersecurity hacking malware malware-analysis malware-research mathematics maths research

Last synced: 04 Apr 2025

https://github.com/H4NM/WhoYouCalling

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

dynamic-analysis etw full-packet-capture game-hacking malware-analysis malware-research network-analysis windows-event-tracing

Last synced: 31 Jan 2025

https://github.com/ZSShen/ProbeDroid

An SDK for the creation of analysis tools without obtaining app source code, in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.

android binary-instrument malware-analysis malware-research reverse-engineering

Last synced: 19 Mar 2025

https://github.com/fhightower/ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

cidr-range cidr-ranges grammar-parser grammars hacktoberfest indicators-of-compromise ioc-finder iocs ipv4 malware-analysis malware-research network-data observable parse-urls threat-hunting threat-intelligence threat-sharing threatintel

Last synced: 13 Apr 2025

https://github.com/knight0x07/pyc2bytecode

A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*).

blueteam cybersecurity disassembler infosec infosectools malware-analysis malware-research python reverse-engineering security-tools static-analysis threat-intelligence

Last synced: 28 Apr 2025

https://github.com/keithjjones/visualize_logs

A Python library and command line tools to provide interactive log visualization.

cybersecurity investigation malware-analysis malware-research

Last synced: 21 Nov 2024

https://github.com/telekom-security/malware_analysis

This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.

cti malware malware-analysis malware-research reverse-engineering

Last synced: 13 Apr 2025

https://github.com/m3rcurylake/nyxelf

Nyxelf is a highly effective tool tailored for analyzing malicious Linux ELF binaries, offering comprehensive support for both static and dynamic analysis techniques.

antivirus binary binary-analysis linux-sandbox malware-analysis malware-research reverse-engineering sandbox security

Last synced: 07 Apr 2025

https://github.com/csvl/SEMA

SEMA is based on angr, a symbolic execution engine, which it uses to extract API calls. In particular, we extend angr with strategies to create representative signatures based on System Call Dependency Graphs (SCDGs). Those SCDGs can be used in machine learning modules for classification/detection.

angr binary-analysis classification concolic-execution ctf cybersecurity detection linux malware malware-analysis malware-detection malware-research python reverse reverse-engineering sema static-analysis symbolic symbolic-execution windows

Last synced: 18 Jan 2025

https://github.com/mthcht/ThreatIntel-Reports

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

apt cti cyber-threat-intelligence malware-analysis malware-analysis-reports malware-research threat-analysis threat-hunting threat-intelligence threat-modeling threatintel

Last synced: 30 Mar 2025

https://mthcht.github.io/ThreatIntel-Reports/

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

apt cti cyber-threat-intelligence malware-analysis malware-analysis-reports malware-research threat-analysis threat-hunting threat-intelligence threat-modeling threatintel

Last synced: 30 Mar 2025

https://github.com/abdulkadir-gungor/HtmlSmuggling

HTML smuggling is a malicious technique used by attackers to hide malware payloads in an encoded script inside a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens the HTML attachment or clicks the link. The technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. HTML smuggling is highly evasive: it can bypass standard perimeter security controls such as web proxies and email gateways, which only check for suspicious attachment types like EXE, DLL, ZIP, RAR, DOCX or PDF.

abdulkadir abdulkadir-gungor cyber-security cybersecurity ethical-hacking ethical-hacking-tools evasive-loader evasive-loader-technique evasive-maneuvers gungor html html-smuggling htmlsmuggling javascript malware-research

Last synced: 30 Mar 2025

https://github.com/InQuest/ThreatKB

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

malware-research yara yara-manager yara-rules yara-signatures

Last synced: 30 Mar 2025

https://github.com/redcode-labs/bmj

Code snippets for bare-metal malware development

assembly buffer-overflow exploit-development exploitation malware-research shellcode

Last synced: 15 Apr 2025

https://github.com/neo23x0/yaraqa

YARA rule analyzer to improve rule quality and performance

detection malware-detection malware-research signatures yara

Last synced: 06 Apr 2025

https://github.com/inquest/threatkb

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

malware-research yara yara-manager yara-rules yara-signatures

Last synced: 13 Mar 2025

https://github.com/0x48piraj/incarcero

Incarcero is a tool that creates Virtual Machines (VMs) preconfigured with malware analysis tools and security settings tailored for malware analysis without any user interaction.

malware malware-analysis malware-detection malware-research malware-samples research security

Last synced: 24 Feb 2025

https://github.com/0x48piraj/malwarex

Incarcero is a tool that creates Virtual Machines (VMs) preconfigured with malware analysis tools and security settings tailored for malware analysis without any user interaction.

malware malware-analysis malware-detection malware-research malware-samples research security

Last synced: 15 Feb 2025

https://github.com/ntraiseharderror/kaiser

Fileless persistence, attacks and anti-forensic capabilities.

anti-forensics file-less forensics malware-research persistence powershell security winapi wmi

Last synced: 12 May 2025

https://github.com/albertzsigovits/malware-tools

A curated list of malware repositories, trackers and malware analysis tools

malware malware-analysis malware-research malware-tools malwareanalysis reverse-engineering

Last synced: 13 May 2025