3rd-party lists
- hslatman/awesome-malware-analysis - A curated list of awesome malware analysis tools and resources
- sully90h/practical-malware-analysis - Exercise writeups from the book Practical Malware Analysis
- objective-see: The Mac Malware of 2020
- The Art Of Mac Malware: Analysis
- MalwareBazaar | Browse malware samples
Quarantine
- ernw/quarantine-formats - Documentation and parsers for different anti-virus quarantine formats
- hexacorn: This is a simple script that attempts to decrypt Quarantine files from various AV / security products
Uncategorized
- mandiant/flare-fakenet-ng - [Suspended] Next Generation Dynamic Network Analysis Tool - no longer updated since 2020
- splunk/attack_data - A repository of curated datasets from various attacks
- jjyg/metasm - a free assembler / disassembler / compiler written in ruby
- fireeye/capa - The FLARE team's open-source tool to identify capabilities in executable files - identifies the capabilities of a binary, such as making HTTP requests, anti-debugging, and reading/writing files
- sysopfb/malware_decoders - Static based decoders for malware samples
- eset/malware-research - Code written as part of our various malware investigations - a variety of useful IDA scripts, valuable mainly as references
- cryps1s/DARKSURGEON - a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense
- alexandreborges/malwoverview - a simple tool to perform an initial and quick triage on a directory containing malware samples - 1.5K stars
- BillyONeal/Instalog - Windows malware analysis logging tool
- chenerlich/FCL - FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
- Neo23x0/Fnord - Pattern Extractor for Obfuscated Code
- jas502n/DriveLife-PsTrojan - DriveLife (驱动人生) malware samples
- APT Encounters of the Third Kind - a backdoor that uses the NFS protocol
- CyberMonitor/APT_CyberCriminal_Campagin_Collections - APT & CyberCriminal Campaign Collection - 2.1K stars, a collection of various reports, continuously updated
- Malware Analysis Tools
- recon18 - Modern Linux Malware Exposed
- benoitsevens/applying-ttd-to-malware-analysis - Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019