Curated list of malware repositories, trackers, and malware analysis tools
VirusTotal - https://virustotal.com
VirusBay - https://beta.virusbay.io
MalBeacon - https://malbeacon.com
Traffic.moe - https://traffic.moe
Brad Traffic Analysis - https://www.malware-traffic-analytics.net
theZoo - https://github.com/ytisf/theZoo/tree/master/malwares
Contagio - https://contagiodump.blogspot.com
OpenMalware - https://openmalware.com
Virusign - http://www.virusign.com
DasMalwerk - https://dasmalwerk.eu
Malquarium - https://malquarium.org
VirusShare - https://virusshare.com
MalwareOne - https://malware.one
AVCaesar - https://avcaesar.malware.lu
0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library
Malshare.com - https://malshare.com
Malshare.io - https://malshare.io
https://github.com/fabrimagic72/malware-samples
https://github.com/InQuest/malware-samples
https://github.com/0x48piraj/MalWAReX
https://github.com/NEUAI/MalwareLibrary
https://github.com/Tlgyt/The-Collection
URLHaus - https://urlhaus.abuse.ch/browse/
ViriBack - http://tracker.viriback.com
0btemoslab - http://tracker.0btemoslab.com
Malwaresuck - https://malwaresuck.com
Benkow - http://benkow.cc/passwords.php?page=1
Haruko - https://tracker.fumik0.com
VXVault - http://vxvault.net/ViriList.php
CC Tracker - https://cybercrime-tracker.net
Malc0de - http://malc0de.com/database
CRDF - https://threatcenter.crdf.fr
MDL - https://www.malwaredomainlist.com/mdl.php
IOC Tweets - http://tweettioc.com
Stealer Tracker - http://malwr.cc
ThreatShare - https://threatshare.io/malware/
VirusTotal - https://www.virustotal.com
Hybrid Analysis - https://www.hybrid-analytic.com
VMRay - https://www.vmray.com
SNDBOX - https://app.sndbox.com
VirusBay - https://beta.virusbay.io
Any.run - https://app.any.run
Tria.ge - https://tria.ge
Intezer - https://analyze.intezer.com
Malwr - https://malwr.com
Malwr Cuckoo - http://mlwr.ee
MetaDefender - https://metadefender.opswat.com
Valkyrie - https://valkyrie.comodo.com
Joe Sandbox - https://www.joesandbox.com
Pikker - http://sandbox.pikker.ee
ViCheck - https://www.vicheck.ca
Jotti - https://virusscan.jotti.org
Virscan - http://virscan.org
Anubis - http://anubis.iseclab.org
Wepawet - https://wepawet.cs.ucsb.edu
Manalyzer - https://manalyzer.org
UnpacMe - https://www.unpac.me
file
trid
strings
floss
xxd
redress
ssdeep
telfhash
authentihash
gdb
strace
radare2
exiftool
elfdump
objdump
readelf
elfutils
pax-utils
imphash
ssdeep
authentihash
bulk_extractor
uudeview
foremost
scalpel
steghide
stegsnow
zsteg
stegosuite
stegbreak
stegdetect
PEpper - https://github.com/Th3Hurrican3/PEpper
pev
pecarve
pescanner.py
AnalyzePE.py
AnalyzePE
upx
yara
ripPE - https://github.com/matonis/ripPE
Unipacker - https://github.com/unipacker/unipacker
CFF Explorer - https://ntcore.com/?page_id=388
Resource Hacker - http://www.angusj.com/resourcehacker
XN Resource Hacker - https://stefansundin.github.io/xn_resource_editor
Dependency Walker - http://www.dependentwalker.com
LordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
Scylla - https://github.com/NtQuery/Scylla
Detect It Easy - https://ntinfo.biz
PE Explorer - http://www.heaventools.com/overview.htm
Import REConstructor - https://github.com/NtQuery/Scylla
LordPE - https://www.aldeid.com/wiki/LordPE
PEiD - https://www.aldeid.com/wiki/PEiD
PEview - https://www.aldeid.com/wiki/PEView
FileAlyzer - https://www.safer-networking.org/products/filealyzer/
PEstudio - https://www.winitor.com/
CHimpREC - https://www.aldeid.com/wiki/CHimpREC
PE Insider - https://cerbero.io/peinsider/
PEframe - https://github.com/guelfoweb/peframe
UPX - https://github.com/upx
Manalyze - https://github.com/JusticeRage/Manalyze
PortEx - https://github.com/katjahahn/PortEx
Signsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip
Revelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator
UniExtract2 - https://github.com/Bioruebe/UniExtract2
MalUnpack - https://github.com/hasherezade/mal_unpack
PE_recovery_tools - https://github.com/hasherezade/pe_recovery_tools
Auto XOR Decryptor - https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py
Fiddler - https://www.telerik.com/fiddler
Burp Suite - https://portswigger.net/burp/communitydownload
FakeDNS - https://www.fireeye.com/services/freeware/apatedns.html
ApateDNS - https://github.com/Crypt0s/FakeDns
FakeNet - https://github.com/fireeye/flare-fakenet-ng
INetSim - https://www.inetsim.org
Netcat - http://netcat.sourceforge.net
TCPView - https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark - https://www.wireshark.org
Imaginary C2 - https://github.com/felixweyne/imaginaryC2
Suricata - https://suricata-ids.org/download/
Emerging Threats sigs - https://rules.emergingthreats.net/
Tor - https://www.torproject.org/
RegShot - https://sourceforge.net/projects/regshot
What Changed - https://www.majorgeeks.com/files/details/what_changed.html
CaptureBAT - https://www.honeynet.org/node/315
Process Hacker - https://github.com/processhacker/processhacker
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Process Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
ProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl
ProcDOT - http://www.procdot.com
API Monitor - http://www.rohitab.com/apimonitor#Download
APISpy - http://www.matcode.com/apis32.htm
Autoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Volatility - https://github.com/volatilityfoundation/volatility
Memoryze - https://www.fireeye.com/services/freeware/memoryze.html
OSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader
Sleuth Kit - https://github.com/sleuthkit/sleuthkit
Truman - http://nsmwiki.org/Truman_Overview
YARA - https://github.com/virustotal/yara
MASTIFF - https://github.com/KoreLogicSecurity/mastiff
IRMA - https://github.com/quarkslab/irma
VIPER - https://github.com/viper-framework/viper
Loki - https://github.com/Neo23x0/Loki
MultiScanner - https://github.com/mitre/multiscanner
ChopShop - https://github.com/MITRECND/chopshop
Munin - https://github.com/Neo23x0/munin
Fenrir - https://github.com/Neo23x0/Fenrir
Harpoon - https://github.com/Neo23x0/harpoon
Online Disassembler - https://onlinedisassembler.com/static/home/index.html
IDA - https://www.hex-rays.com/products/ida/
Hex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/
Radare2 - https://github.com/radare/radare2
Binary Ninja - https://binary.ninja/
BinDiff - https://www.zynamics.com/bindiff.html
BinNavi - https://github.com/google/binnavi
Bochs - http://bochs.sourceforge.net/getcurrent.html
x64dbg - https://x64dbg.com/#start
WinDbg - https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
OllyDbg - http://www.ollydbg.de/
ImmunityDbg - https://www.immunityinc.com/products/debugger/
xorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-Detector/
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
shellcode2exe - https://zeltser.com/convert-shellcode-to-assemblies/
jmp2it - https://digital-forensics.sans.org/blog/2014/12/30/take-control-of-the-instruction-pointer/
BlobRunner - https://github.com/OALabs/BlobRunner
dnSpy - https://github.com/0xd4d/dnSpy
dotPeek - https://www.jetbrains.com/decompiler
ILSpy - https://github.com/icsharpcode/ILSpy
JustDecompile - https://www.telerik.com/products/decompiler.aspx
JustAssembly - https://www.telerik.com/justassembly
Reflector - https://www.red-gate.com/products/dotnet-development/reflector/index
CodeReflect - http://www.devextras.com/decompiler
Dis# - http://www.netdecompiler.com
IL Disassembler - https://www.dotnetperls.com/il-disassembler
Disassembly Diagnoser - https://adamsitnik.com/Disassemble-Diagnoser
V8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157
box-js - https://github.com/CapacitorSet/box-js
js-detox - https://github.com/svent/jsdetox
SWFDec - https://cgit.freedesktop.org/wiki/swfdec
swf_mastah.py - https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py
ViperMonkey - https://github.com/decalage2/ViperMonkey
olevba.py - https://github.com/decalage2/oletools/wiki/olevba
OfficeMalScanner - http://www.reconstructer.org/code/OfficeMalScanner.zip
OLETools - https://www.decalage.info/python/oletools
Hachoir - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid
ExeFilter - http://www.decalage.info/exefilter
rtfproc
rtfprocrule
rtfraptor
rtfscan
rtfobj
rtfparser
rtfdump
PDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7&pid=57
PDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/
PDF Tools - https://blog.didierstevens.com/programs/pdf-tools/
pdfid.py - https://blog.didierstevens.com/programs/pdf-tools/
pdfparser.py - https://blog.didierstevens.com/programs/pdf-tools/
peepdf.py - https://github.com/jesparza/peepdf
qpdf - http://qpdf.sourceforge.net/
pdfinfo
pdf2txt
pdfseparate
Kahusecurity Tools - http://www.kahusecurity.com/tools.html
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
Awesome Malware Analysis list - https://github.com/rshipp/awesome-malware-analytic
Awesome Reversing list - https://github.com/tylerha97/awesome-reversing
REMnux - https://remnux.org/
SANS SIFT - https://digital-forensics.sans.org/community/downloads
FireEye FLARE-VM - https://github.com/fireeye/flare-vm
FireEye CommandoVM - https://github.com/fireeye/commando-vm
Webshell-Intel - https://github.com/Neo23x0/webshell-intel
Malware Behaviors - https://github.com/MAECProject/malware-behaviors
MalTrail - https://github.com/stamparm/maltrail
YaraScanner - https://github.com/mitre/yararules-python
YARA Analyzer - https://github.com/Neo23x0/yarAnalyzer
YARA Generator - https://github.com/Neo23x0/yarGen
Awesome YARA - https://github.com/Neo23x0/awesome-yara
Malware Signatures - https://github.com/Neo23x0/malware-signatures
Signature Base - https://github.com/Neo23x0/signature-base
YARA Rules - https://github.com/Neo23x0/rules
mkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/
VT Investigator documentation - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf