Curated list of malware repositories, trackers and malware analysis tools
VirusTotal - https://virustotal.com
VirusBay - https://beta.virusbay.io
MalBeacon - https://malbeacon.com
traffic.moe - https://traffic.moe
Brad's Malware Traffic Analysis - https://www.malware-traffic-analysis.net
theZoo - https://github.com/ytisf/theZoo/tree/master/malwares
Contagio - https://contagiodump.blogspot.com
OpenMalware - https://openmalware.com
Virusign - http://www.virusign.com
DasMalwerk - https://dasmalwerk.eu
Malquarium - https://malquarium.org
VirusShare - https://virusshare.com
MalwareOne - https://malware.one
AVCaesar - https://avcaesar.malware.lu
0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library
Malshare.com - https://malshare.com
Malshare.io - https://malshare.io
https://github.com/fabrimagic72/malware-samples
https://github.com/InQuest/malware-samples
https://github.com/0x48piraj/MalWAReX
https://github.com/NEUAI/MalwareLibrary
https://github.com/Tlgyt/The-Collection
URLHaus - https://urlhaus.abuse.ch/browse/
ViriBack - http://tracker.viriback.com
0btemoslab - http://tracker.0btemoslab.com
MalwareSuck - https://malwaresuck.com
Benkow - http://benkow.cc/passwords.php?page=1
Haruko (fumik0 tracker) - https://tracker.fumik0.com
VXVault - http://vxvault.net/ViriList.php
CyberCrime Tracker - https://cybercrime-tracker.net
Malc0de - http://malc0de.com/database
CRDF - https://threatcenter.crdf.fr
MDL - https://www.malwaredomainlist.com/mdl.php
TweetIOC - http://tweettioc.com
Stealer Tracker - http://malwr.cc
ThreatShare - https://threatshare.io/malware/
VirusTotal - https://www.virustotal.com
Hybrid Analysis - https://www.hybrid-analysis.com
VMRay - https://www.vmray.com
Sndbox - https://app.sndbox.com
VirusBay - https://beta.virusbay.io
Any.run - https://app.any.run
Tria.ge - https://tria.ge
Intezer - https://analyze.intezer.com
Malwr - https://malwr.com
Malwr Cuckoo - http://mlwr.ee
Metadefender - https://metadefender.opswat.com
Valkyrie - https://valkyrie.comodo.com
Joe Sandbox - https://www.joesandbox.com
Pikker - http://sandbox.pikker.ee
ViCheck - https://www.vicheck.ca
Jotti - https://virusscan.jotti.org
Virscan - http://virscan.org
Anubis - http://anubis.iseclab.org
Wepawet - https://wepawet.cs.ucsb.edu
Manalyzer - https://manalyzer.org
Unpacme - https://www.unpac.me
file
trid
strings
floss
xxd
redress
ssdeep
telfhash
authentihash
gdb
strace
radare2
exiftool
elfdump
objdump
readelf
elfutils
pax-utils
imphash
ssdeep
authentihash
bulk_extractor
乌德维尤
foremost
scalpel
steghide
stegsnow
zsteg
stegosuite
stegbreak
stegdetect
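The first-pass static triage that `file`, `strings`/`floss` and the exact-match hash tools in the list above perform, re-implemented with the Python standard library as an added example (this is not code from the page or from any of the listed projects). Magic bytes are matched at offset 0 only; the sample buffer is constructed inline, and `ssdeep`, `imphash` and `telfhash` are deliberately not reproduced because they need their own libraries.

```python
"""Added example: offset-0 type identification, ASCII + UTF-16LE string
extraction and pivot hashes for a sample, using only the standard library.
Not code from the original page or from the tools it lists."""
import hashlib
import re
from typing import Dict, List, Tuple

# Offset-0 magic for the formats the listed tools target.
MAGIC: List[Tuple[bytes, str]] = [
    (b"MZ", "PE/MS-DOS executable (MZ)"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
    (b"PK\x03\x04", "ZIP container (OOXML, JAR, APK candidates)"),
    (b"{\\rtf", "RTF document"),
]


def identify(data: bytes) -> str:
    """The question `file`/`trid` answer first: which container is this?"""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def hashes(data: bytes) -> Dict[str, str]:
    """Exact-match hashes for VirusTotal / MalShare style lookups."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[str, str]]:
    """Printable ASCII runs and UTF-16LE runs, the two kinds `strings -a`
    and `strings -el` (or floss) report, returned as (encoding, text)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [("ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [("utf-16le", m.group().decode("utf-16le")) for m in wide_re.finditer(data)]
    return found


def triage(data: bytes) -> dict:
    """One report combining type, size, hashes and strings."""
    result = {"type": identify(data), "size": len(data)}
    result.update(hashes(data))
    result["strings"] = extract_strings(data)
    return result


# Constructed sample: fake MZ header, the DOS-stub string, and a UTF-16LE
# URL of the kind that only wide-string extraction surfaces.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 16
    + "http://c2.example.invalid/gate.php".encode("utf-16le")
    + b"\x00" * 8 + bytes(range(1, 32))
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for key in ("type", "size", "md5", "sha1", "sha256"):
        print(f"{key:7} {report[key]}")
    for encoding, text in report["strings"]:
        print(f"[{encoding}] {text}")
```

The wide-string pass is the part most often skipped by hand: Windows malware keeps URLs, mutex names and registry paths as UTF-16LE, which plain `strings` without `-el` never shows.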
PEpper - https://github.com/Th3Hurrican3/PEpper
pev
pecarve
pescanner.py
analyzePE.py
AnalyzePE
UPX
yara
ripPE - https://github.com/matonis/ripPE
Unipacker - https://github.com/unipacker/unipacker
CFF Explorer - https://ntcore.com/?page_id=388
Resource Hacker - http://www.angusj.com/resourcehacker
XN Resource Editor - https://stefansundin.github.io/xn_resource_editor
Dependency Walker - http://www.dependencywalker.com
LordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
Scylla - https://github.com/NtQuery/Scylla
Detect It Easy - https://ntinfo.biz
PE Explorer - http://www.heaventools.com/overview.htm
Import REConstructor - https://github.com/NtQuery/Scylla
LordPE - https://www.aldeid.com/wiki/LordPE
PEiD - https://www.aldeid.com/wiki/PEiD
PEview - https://www.aldeid.com/wiki/PEView
FileAlyzer - https://www.safer-networking.org/products/filealyzer/
PEstudio - https://www.winitor.com/
Chimprec - https://www.aldeid.com/wiki/CHimpREC
PE Insider - https://cerbero.io/peinsider/
PEframe - https://github.com/guelfoweb/peframe
UPX - https://github.com/upx
Manalyze - https://github.com/JusticeRage/Manalyze
PortEx - https://github.com/katjahahn/PortEx
Signsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip
Revelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator
UniExtract2 - https://github.com/Bioruebe/UniExtract2
MalUnpack - https://github.com/hasherezade/mal_unpack
PE_recovery_tools - https://github.com/hasherezade/pe_recovery_tools
auto_xor_decryptor - https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py
Fiddler - https://www.telerik.com/fiddler
Burp Suite - https://portswigger.net/burp/communitydownload
ApateDNS - https://www.fireeye.com/services/freeware/apatedns.html
FakeDns - https://github.com/Crypt0s/FakeDns
FakeNet - https://github.com/fireeye/flare-fakenet-ng
INetSim - https://www.inetsim.org
netcat - http://netcat.sourceforge.net
TCPView - https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark - https://www.wireshark.org
imaginaryC2 - https://github.com/felixweyne/imaginaryC2
Suricata - https://suricata-ids.org/download/
Emerging Threats signatures - https://rules.emergingthreats.net/
Tor - https://www.torproject.org/
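What ApateDNS, FakeDns and INetSim do on the DNS side, as an added example (not code from the page or from those projects): a minimal resolver that answers every A query with the analyst's sink-hole address so the sample's C2 lookups resolve to a host the analyst controls, and returns NXDOMAIN for other record types. The query bytes are constructed inline; the sink-hole address 10.0.0.1 and the lab resolver setup are assumptions.

```python
"""Added example: fake DNS of the ApateDNS/FakeDns kind. Parses a query,
logs the name (the IOC you are after) and answers A queries with one
fixed sink-hole IP. Not code from the page or from the listed tools."""
import socket
import struct
from typing import Tuple


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(packet: bytes, offset: int) -> Tuple[str, int]:
    """Return (name, offset just past it). Handles one compression pointer,
    which is all a question section or our own answer ever uses."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            name, _ = decode_name(packet, pointer)
            labels.append(name)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard recursive query; used here to construct test traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(packet: bytes) -> Tuple[int, str, int]:
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query")
    qname, end = decode_name(packet, 12)
    qtype, _qclass = struct.unpack("!HH", packet[end:end + 4])
    return txid, qname, qtype


def build_response(query: bytes, sinkhole_ip: str, ttl: int = 60) -> bytes:
    """A queries get the sink-hole IP; anything else gets NXDOMAIN so the
    sample falls through to its next resolution attempt quickly."""
    txid, qname, qtype = parse_query(query)
    question_end = 12 + len(encode_name(qname)) + 4
    question = query[12:question_end]
    if qtype != 1:
        header = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0)
        return header + question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # Name as pointer to offset 12 (the question), type A, class IN.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(sinkhole_ip)
    return header + question + answer


def serve(sinkhole_ip: str, bind: str = "0.0.0.0", port: int = 53) -> None:
    """Listen on UDP/53 (needs root or CAP_NET_BIND_SERVICE); the sandbox
    VM must use this host as its resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            _, qname, qtype = parse_query(data)
        except (ValueError, IndexError, struct.error):
            continue
        print(f"{peer[0]} queried type {qtype} for {qname}")
        sock.sendto(build_response(data, sinkhole_ip), peer)


if __name__ == "__main__":
    serve("10.0.0.1")  # assumed sink-hole address, e.g. the INetSim/FakeNet host
```

Pair it with INetSim or FakeNet-NG listening on the sink-hole address so that the HTTP/HTTPS the sample sends after resolution is captured as well; the logged names are the domains you then check against URLHaus and the trackers above.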
RegShot - https://sourceforge.net/projects/regshot
WhatChanged - https://www.majorgeeks.com/files/details/what_changed.html
CaptureBAT - https://www.honeynet.org/node/315
Process Hacker - https://github.com/processhacker/processhacker
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Process Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
ProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl
ProcDOT - http://www.procdot.com
API Monitor - http://www.rohitab.com/apimonitor#Download
APISpy - http://www.matcode.com/apis32.htm
Autoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Volatility - https://github.com/volatilityfoundation/volatility
Memoryze - https://www.fireeye.com/services/freeware/memoryze.html
OSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader
The Sleuth Kit - https://github.com/sleuthkit/sleuthkit
Truman - http://nsmwiki.org/Truman_Overview
yara - https://github.com/virustotal/yara
MASTIFF - https://github.com/KoreLogicSecurity/mastiff
IRMA - https://github.com/quarkslab/irma
VIPER - https://github.com/viper-framework/viper
Loki - https://github.com/Neo23x0/Loki
MultiScanner - https://github.com/mitre/multiscanner
Chopshop - https://github.com/MITRECND/chopshop
munin - https://github.com/Neo23x0/munin
Fenrir - https://github.com/Neo23x0/Fenrir
harpoon - https://github.com/Neo23x0/harpoon
ODA Online Disassembler - https://onlinedisassembler.com/static/home/index.html
IDA - https://www.hex-rays.com/products/ida/
Hex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/
radare2 - https://github.com/radare/radare2
Binary Ninja - https://binary.ninja/
BinDiff - https://www.zynamics.com/bindiff.html
BinNavi - https://github.com/google/binnavi
Bochs - http://bochs.sourceforge.net/getcurrent.html
x64dbg - https://x64dbg.com/#start
WinDbg - https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
OllyDbg - http://www.ollydbg.de/
ImmunityDbg - https://www.immunityinc.com/products/debugger/
xorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
shellcode2exe - https://zeltser.com/convert-shellcode-to-assembly/
jmp2it - https://digital-forensics.sans.org/blog/2014/12/30/take-control-of-the-instruction-pointer/
BlobRunner - https://github.com/OALabs/BlobRunner
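The key search that xorsearch (and auto_xor_decryptor above) performs for single-byte XOR, as an added example rather than code from either project: instead of decoding the whole buffer 256 times, XOR the known plaintext with each candidate key and look for that transformed needle in the raw bytes, then decode around the hit and carve the embedded PE. The encoded blob, the key 0x5A and the PNG wrapper are constructed for the example.

```python
"""Added example: xorsearch-style single-byte XOR key recovery with a
known plaintext, followed by carving the decoded PE. Not code from the
page or from xorsearch/auto_xor_decryptor."""
from typing import List, Optional, Tuple

# The DOS-stub text present in almost every PE; xorsearch's usual needle.
DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def xor_search(data: bytes, plaintext: bytes) -> List[Tuple[int, int]]:
    """Every (key, offset) at which plaintext XOR key occurs in data.
    A key-0 hit means the string is already in clear."""
    hits = []
    for key in range(256):
        needle = xor_bytes(plaintext, key)
        pos = data.find(needle)
        while pos != -1:
            hits.append((key, pos))
            pos = data.find(needle, pos + 1)
    return hits


def recover_pe(data: bytes, key: int) -> Optional[bytes]:
    """Decode with key and carve from the nearest MZ header before the
    DOS stub; the result is what you hand to PEstudio or pestr next."""
    decoded = xor_bytes(data, key)
    stub = decoded.find(DOS_STUB)
    if stub == -1:
        return None
    mz = decoded.rfind(b"MZ", 0, stub)
    return None if mz == -1 else decoded[mz:]


# Constructed sample: a fake PE stub XOR-encoded with 0x5A, dropped after a
# PNG signature and filler, mimicking a payload hidden in a resource.
KEY = 0x5A
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB + b"\r\n$\x00"
BLOB = b"\x89PNG\r\n\x1a\n" + b"\x42" * 24 + xor_bytes(FAKE_PE, KEY) + b"\x42" * 8

if __name__ == "__main__":
    for key, offset in xor_search(BLOB, DOS_STUB):
        carved = recover_pe(BLOB, key)
        print(f"key 0x{key:02x} at offset {offset}; carved {len(carved)} bytes, header {carved[:2]!r}")
```

Searching the transformed needle rather than the decoded buffer is what keeps this linear in the sample size; the same trick extends to the ROL/ROT/ADD variants xorsearch supports by transforming the plaintext with the inverse operation.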
dnSpy - https://github.com/0xd4d/dnSpy
dotPeek - https://www.jetbrains.com/decompiler
ILSpy - https://github.com/icsharpcode/ILSpy
JustDecompile - https://www.telerik.com/products/decompiler.aspx
JustAssembly - https://www.telerik.com/justassemble
.NET Reflector - https://www.red-gate.com/products/dotnet-development/reflector/index
CodeReflect - http://www.devextras.com/decompiler
Dis# - http://www.netdecompiler.com
IL Disassembler (ildasm) - https://www.dotnetperls.com/il-disassembler
DisassemblyDiagnoser - https://adamsitnik.com/Disassemble-Diagnoser
V8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157
box-js - https://github.com/CapacitorSet/box-js
js-detox - https://github.com/svent/jsdetox
SWFDec - https://cgit.freedesktop.org/wiki/swfdec
swf_mastah.py - https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py
ViperMonkey - https://github.com/decalage2/ViperMonkey
olevba.py - https://github.com/decalage2/oletools/wiki/olevba
OfficeMalScanner - http://www.reconstructer.org/code/OfficeMalScanner.zip
OLETools - https://www.decalage.info/python/oletools
hachoir (hachoir-urwid) - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid
EXEFilter - http://www.decalage.info/exefilter
rtfproc
rtfproc rules
rtfraptor
RTFScan
rtfobj
rtfparser
rtfdump
PDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7&pid=57
PDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/
PDF Tools - https://blog.didierstevens.com/programs/pdf-tools/
pdfid.py - https://blog.didierstevens.com/programs/pdf-tools/
pdfparser.py - https://blog.didierstevens.com/programs/pdf-tools/
peepdf.py - https://github.com/jesparza/peepdf
qpdf - http://qpdf.sourceforge.net/
pdfinfo
pdf2txt
pdfseparate
Kahu Security Tools - http://www.kahusecurity.com/tools.html
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
Awesome Malware Analysis - https://github.com/rshipp/awesome-malware-analysis
Awesome Reversing - https://github.com/tylerha97/awesome-reversing
Remnux - https://remnux.org/
SANS SIFT - https://digital-forensics.sans.org/community/downloads
FireEye FLARE-VM - https://github.com/fireeye/flare-vm
FireEye CommandoVM - https://github.com/fireeye/commando-vm
Webshell-intel - https://github.com/Neo23x0/webshell-intel
malware-behaviors - https://github.com/MAECProject/malware-behaviors
MalTrail - https://github.com/stamparm/maltrail
YaraScanner - https://github.com/mitre/yararules-python
yarAnalyzer - https://github.com/Neo23x0/yarAnalyzer
yarGen - https://github.com/Neo23x0/yarGen
Awesome-Yara - https://github.com/Neo23x0/awesome-yara
malware-signatures - https://github.com/Neo23x0/malware-signatures
signature-base - https://github.com/Neo23x0/signature-base
Yara rules - https://github.com/Neo23x0/rules
mkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/
VirusTotal for Investigators (paper) - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf