A curated list of malware repositories, trackers and malware analysis tools
VirusTotal - https://virustotal.com
VirusBay - https://beta.virusbay.io
MalBeacon - https://malbeacon.com
traffic.moe - https://traffic.moe
Brad's Malware Traffic Analysis - https://www.malware-traffic-analysis.net
theZoo - https://github.com/ytisf/theZoo/tree/master/malwares
Contagio - https://contagiodump.blogspot.com
OpenMalware - https://openmalware.com
Virusign - http://www.virusign.com
DasMalwerk - https://dasmalwerk.eu
Malquarium - https://malquarium.org
VirusShare - https://virusshare.com
MalwareOne - https://malware.one
AVCaesar - https://avcaesar.malware.lu
0xffff0800 - https://iec56w4ibovnb4wc.onion.si/Library
Malshare.com - https://malshare.com
Malshare.io - https://malshare.io
https://github.com/fabrimagic72/malware-samples
https://github.com/InQuest/malware-samples
https://github.com/0x48piraj/MalWAReX
https://github.com/NEUAI/MalwareLibrary
https://github.com/Tlgyt/The-Collection
URLHaus - https://urlhaus.abuse.ch/browse/
ViriBack - http://tracker.viriback.com
0btemoslab - http://tracker.0btemoslab.com
Malware - https://malwaresuck.com
Benkow - http://benkow.cc/passwords.php?page=1
Fumik0 - https://tracker.fumik0.com
VXVault - http://vxvault.net/ViriList.php
CyberCrime Tracker - https://cybercrime-tracker.net
Malc0de - http://malc0de.com/database
CRDF - https://threatcenter.crdf.fr
MDL - https://www.malwaredomainlist.com/mdl.php
TweetIOC - http://tweettioc.com
Stealer Tracker - http://malwr.cc
ThreatShare - https://threatshare.io/malware/
VirusTotal - https://www.virustotal.com
Hybrid Analysis - https://www.hybrid-analysis.com
VMRay - https://www.vmray.com
Sndbox - https://app.sndbox.com
VirusBay - https://beta.virusbay.io
Any.run - https://app.any.run
Tria.ge - https://tria.ge
Intezer - https://analyze.intezer.com
Malwr - https://malwr.com
Malwr Cuckoo - http://mlwr.ee
Metadefender - https://metadefender.opswat.com
Valkyrie - https://valkyrie.comodo.com
Joe Sandbox - https://www.joesandbox.com
Pikker - http://sandbox.pikker.ee
ViCheck - https://www.vicheck.ca
Jotti - https://virusscan.jotti.org
Virscan - http://virscan.org
Anubis - http://anubis.iseclab.org
Wepawet - https://wepawet.cs.ucsb.edu
Manalyzer - https://manalyzer.org
Unpacme - https://www.unpac.me
file
trid
strings
floss
xxd
fix
ssdeep
telfhash
verify hash
database
strace
radare2
exiftool
elfdump
objdump
readelf
elfutils
pax-utils
imphash
ssdeep
verify hash
bulk_extractor
udview
foremost
scalpel
steghide
stegsnow
zsteg
Stegosuite
stegbreak
stegdetect
PEpper - https://github.com/Th3Hurrican3/PEpper
pev
pe-carve
pescanner.py
AnalyzePE.py
AnalyzePE
UPX
yara
ripPE - https://github.com/matonis/ripPE
Unipacker - https://github.com/unipacker/unipacker
CFF Explorer - https://ntcore.com/?page_id=388
Resource Hacker - http://www.angusj.com/resourcehacker
XN Resource Editor - https://stefansundin.github.io/xn_resource_editor
Dependency Walker - http://www.dependencywalker.com
LordPE - http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
Scylla - https://github.com/NtQuery/Scylla
Detect It Easy - https://ntinfo.biz
PE Explorer - http://www.heaventools.com/overview.htm
Import REConstructor - https://github.com/NtQuery/Scylla
LordPE - https://www.aldeid.com/wiki/LordPE
PEiD - https://www.aldeid.com/wiki/PEiD
PEview - https://www.aldeid.com/wiki/PEView
FileAlyzer - https://www.safer-networking.org/products/filealyzer/
PEstudio - https://www.winitor.com/
Chimprec - https://www.aldeid.com/wiki/CHimpREC
PE Insider - https://cerbero.io/peinsider/
PEframe - https://github.com/guelfoweb/peframe
UPX - https://github.com/upx
Manalyze - https://github.com/JusticeRage/Manalyze
PortEx - https://github.com/katjahahn/PortEx
Signsrch - https://aluigi.altervista.org/mytoolz/signsrch.zip
Revelo - http://www.kahusecurity.com/2012/05/revelo-javascript-deobfuscator
UniExtract2 - https://github.com/Bioruebe/UniExtract2
MalUnpack - https://github.com/hasherezade/mal_unpack
PE_recovery_tools - https://github.com/hasherezade/pe_recovery_tools
auto_xor_decryptor - https://github.com/MRGEffitas/scripts/blob/master/auto_xor_decryptor.py
Fiddler - https://www.telerik.com/fiddler
Burp Suite - https://portswigger.net/burp/communitydownload
ApateDNS - https://www.fireeye.com/services/freeware/apatedns.html
FakeDns - https://github.com/Crypt0s/FakeDns
FakeNet - https://github.com/fireeye/flare-fakenet-ng
INetSim - https://www.inetsim.org
netcat - http://netcat.sourceforge.net
TCPView - https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
Wireshark - https://www.wireshark.org
imaginaryC2 - https://github.com/felixweyne/imaginaryC2
Suricata - https://suricata-ids.org/download/
Emerging Threats signatures - https://rules.emergingthreats.net/
Tor - https://www.torproject.org/
RegShot - https://sourceforge.net/projects/regshot
WhatChanged - https://www.majorgeeks.com/files/details/what_changed.html
CaptureBAT - https://www.honeynet.org/node/315
Process Hacker - https://github.com/processhacker/processhacker
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Process Explorer - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
ProcessSpawnControl - https://github.com/felixweyne/ProcessSpawnControl
ProcDOT - http://www.procdot.com
API Monitor - http://www.rohitab.com/apimonitor#Download
APISpy - http://www.matcode.com/apis32.htm
Autoruns - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Volatility - https://github.com/volatilityfoundation/volatility
Memoryze - https://www.fireeye.com/services/freeware/memoryze.html
OSR Driver Loader - https://www.aldeid.com/wiki/OSR-Driver-Loader
The Sleuth Kit - https://github.com/sleuthkit/sleuthkit
Truman - http://nsmwiki.org/Truman_Overview
yara - https://github.com/virustotal/yara
MASTIFF - https://github.com/KoreLogicSecurity/mastiff
IRMA - https://github.com/quarkslab/irma
VIPER - https://github.com/viper-framework/viper
Loki - https://github.com/Neo23x0/Loki
MultiScanner - https://github.com/mitre/multiscanner
Chopshop - https://github.com/MITRECND/chopshop
Munin - https://github.com/Neo23x0/munin
Fenrir - https://github.com/Neo23x0/Fenrir
Harpoon - https://github.com/Neo23x0/harpoon
Online Disassembler - https://onlinedisassembler.com/static/home/index.html
IDA - https://www.hex-rays.com/products/ida/
Hex-Rays Decompiler - https://www.hex-rays.com/products/decompiler/
radare2 - https://github.com/radare/radare2
Binary Ninja - https://binary.ninja/
BinDiff - https://www.zynamics.com/bindiff.html
BinNavi - https://github.com/google/binnavi
Bochs - http://bochs.sourceforge.net/getcurrent.html
x64dbg - https://x64dbg.com/#start
WinDbg - https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
OllyDbg - http://www.ollydbg.de/
ImmunityDbg - https://www.immunityinc.com/products/debugger/
xorsearch - https://blog.didierstevens.com/2014/09/29/update-xorsearch-with-shellcode-detector/
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
shellcode2exe - https://zeltser.com/convert-shellcode-to-assembly/
jmp2it - https://digital-forensics.sans.org/blog/2014/12/30/take-control-of-the-instruction-pointer/
BlobRunner - https://github.com/OALabs/BlobRunner
dnSpy - https://github.com/0xd4d/dnSpy
dotPeek - https://www.jetbrains.com/decompiler
ILSpy - https://github.com/icsharpcode/ILSpy
JustDecompile - https://www.telerik.com/products/decompiler.aspx
JustAssembly - https://www.telerik.com/justassemble
.NET Reflector - https://www.red-gate.com/products/dotnet-development/reflector/index
CodeReflect - http://www.devextras.com/decompiler
Dis# - http://www.netdecompiler.com
IL Disassembler - https://www.dotnetperls.com/il-disassembler
DisassemblyDiagnoser - https://adamsitnik.com/Disassemble-Diagnoser
V8 - https://isc.sans.edu/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157
box-js - https://github.com/CapacitorSet/box-js
js-detox - https://github.com/svent/jsdetox
SWFDec - https://cgit.freedesktop.org/wiki/swfdec
swf_mastah.py - https://github.com/9b/pdfxray_lite/blob/master/swf_mastah.py
ViperMonkey - https://github.com/decalage2/ViperMonkey
olevba.py - https://github.com/decalage2/oletools/wiki/olevba
OfficeMalScanner - http://www.reconstructer.org/code/OfficeMalScanner.zip
OLETools - https://www.decalage.info/python/oletools
Hachoir - https://bitbucket.org/haypo/hachoir/wiki/hachoir-urwid
EXEFilter - http://www.decalage.info/exefilter
rtfproc
rtfproc rules
rtfraptor
rtfscan
rtfobj
rtfparser
rtfdump
PDF Stream Dumper - http://sandsprite.com/blogs/index.php?uid=7&pid=57
PDF Dissector - https://blog.zynamics.com/2010/09/03/pdf-dissector-1-7-0-released/
PDF Tools - https://blog.didierstevens.com/programs/pdf-tools/
pdfid.py - https://blog.didierstevens.com/programs/pdf-tools/
pdfparser.py - https://blog.didierstevens.com/programs/pdf-tools/
peepdf.py - https://github.com/jesparza/peepdf
qpdf - http://qpdf.sourceforge.net/
pdfinfo
pdf2txt
pdfseparate
Kahu Security tools - http://www.kahusecurity.com/tools.html
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
Awesome Malware Analysis list - https://github.com/rshipp/awesome-malware-analysis
Awesome Reversing list - https://github.com/tylerha97/awesome-reversing
Remnux - https://remnux.org/
SANS SIFT - https://digital-forensics.sans.org/community/downloads
FireEye FLARE-VM - https://github.com/fireeye/flare-vm
FireEye CommandoVM - https://github.com/fireeye/commando-vm
Webshell-intel - https://github.com/Neo23x0/webshell-intel
malware-behaviors - https://github.com/MAECProject/malware-behaviors
MalTrail - https://github.com/stamparm/maltrail
YaraScanner - https://github.com/mitre/yararules-python
yarAnalyzer - https://github.com/Neo23x0/yarAnalyzer
yarGen - https://github.com/Neo23x0/yarGen
Awesome-Yara - https://github.com/Neo23x0/awesome-yara
malware-signatures - https://github.com/Neo23x0/malware-signatures
signature-base - https://github.com/Neo23x0/signature-base
Yara rules - https://github.com/Neo23x0/rules
mkYARA - https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/
VirusTotal for Investigators paper - https://storage.googleapis.com/vt-gtm-wp-media/virustotal-for-investigators.pdf