sites to download malware

14 comments
level 1
10 points · 3 years ago · edited 3 years ago

Thank you, this is my list from when I was interested in malware analysis
....
Das Malwerk: Free
FreeTrojanBotnet: (registration required)
MalShare: (registration required)
Malware.lu’s AVCaesar: (registration required)
MalwareBlacklist: (registration required)
Malware DB: Free
Malwr: (registration required)
Open Malware: Free
theZoo aka Malware DB: Free
Virusign: Free
The premier Malware sample dump Contagio (http://contagiodump.blogspot.com/)
KernelMode.info (Focuses on Win32 and novel rootkit techniques)
http://malc0de.com/database/
http://www.malwaredomainlist.com/mdl.php
http://www.malwaredomainlist.com/update.php (Malware Domain List)
http://www.malwareblacklist.com/showMDL.php
http://support.clean-mx.de/clean-mx/viruses.php
http://malshare.com/ (registration required)
http://malc0de.com/database/
https://zeustracker.abuse.ch/monitor.php?browse=binaries
http://www.sacour.cn/showmal.asp?month=8year=2012
http://malwaredb.malekal.com/ (registration required)
http://blog.urlvoid.com/new-list-of-dangerous-websites-to-avoid
http://www.scumware.org
http://www.threatlog.com
http://adminus.net (For sample requests use contact email adminus.xs(at)gmail(dot)com)
http://jsunpack.jeek.org/?list=1 (RSS feed)
http://www.malwareurl.com/ (free registration required)
http://contagiodump.blogspot.com/2011/03/take-sample-leave-sample-mobile-malware.html (Mobile malware samples)
http://virussign.com/downloads.html (registration required)
http://www.nothink.org/viruswatch.php
http://dashke.blogspot.com/
http://malware.lu/ (registration required to download)
http://www.nictasoft.com/ace/malware-urls/
http://virusshare.com/
http://labs.sucuri.net/
http://freelist.virussign.com/freelist/
http://malwareurls.joxeankoret.com/normal.txt
http://malwared.malwaremustdie.org/index.php?page=1
http://ytisf.github.io/theZoo/
http://amtrckr.info/
http://malwaria.cf
http://urlquery.net/ (URL Query)
http://www3.malekal.com/malwares/ (Malekal.com list of malware)
http://vxvault.siri-urz.net/ViriList.php? (VX Vault)
http://siteinspector.comodo.com/recent_detections (Site Inspector by Comodo)
http://www.scumware.org/index.scumware (Scumware.org)
http://malc0de.com/database/ (Malc0de Database)
http://labs.sucuri.net/?malware (Sucuri Malware Labs)
http://support.clean-mx.de/clean-mx/viruses (Clean-MX Realtime database)
http://labs.snort.org/iplists/ (Sourcefire Vulnerability Research Team Labs)
https://zeustracker.abuse.ch/monitor.php?browse=binaries (Zeus Tracker)
http://minotauranalysis.com/malwarelist-urls.aspx (NovCon Minotaur Analysis System)

level 2

What would you say are some prerequisites to malware analysis?

level 1

malc0de vxheaven vxvault

level 2
Original Poster · 1 point · 3 years ago

vxheaven is dead, long live vxheaven. vxvault needs a password.

level 1

I know this is probably a dead sub, but does anyone know a website for early 90s and 2000s malware besides vxheaven and vx-arch.ive?

level 2
Original Poster · 1 point · 2 years ago

my site 12kbps.xyz/repo/vir or vx.zedz.net

More posts from the Malware community

As you all probably know, the SolarWinds backdoor checks for the existence of many analysis tools and EDRs.

I guess one good usage of this list is for us malware analysts to learn about malware analysis and forensic tools and EDRs that we never knew about before lol.

So do you guys find any interesting tool/EDR here? Considering that this is a very complex attack, there might obviously be checks for some tools/EDRs that maybe very few companies use/know about.

Which EDR do you think the NSA uses?

Here's the list:

Source: https://github.com/ITAYC0HEN/SUNBURST-Cracked/blob/main/OrionImprovementBusinessLayer_modified.cs

apimonitor-x64 (Rohitab - RE/Malware analysis)

apimonitor-x86 (Rohitab - RE/Malware analysis)

autopsy64 (Autopsy - Forensics)

autopsy (Autopsy - Forensics)

autoruns64 (Autoruns - RE/Malware analysis)

autoruns (Autoruns - RE/Malware analysis)

autorunsc64 (Autoruns - RE/Malware analysis)

autorunsc (Autoruns - RE/Malware analysis)

binaryninja (Binary Ninja - RE/Malware analysis)

blacklight (Blacklight - Forensics)

cff explorer (NTCore Explorer Suite - RE/Malware analysis)

cutter (Rizin Cutter - RE/Malware analysis)

de4dot (de4dot - Forensics)

debugview (DebugView - RE/Malware analysis)

diskmon (DiskMon - RE/Malware analysis)

dnsd (Symantec - Antivirus)

dnspy (dnSpy - RE/Malware analysis)

dotpeek32 (dotPeek - RE/Malware analysis)

dotpeek64 (dotPeek - RE/Malware analysis)

dumpcap (Wireshark - RE/Malware analysis)

evidence center (Belkasoft Evidence Center - Forensics)

exeinfope (Exeinfo PE - RE/Malware analysis)

fakedns (fakedns (iDefense) - RE/Malware analysis)

fakenet (fakenet - RE/Malware analysis)

ffdec (Free Flash Decompiler - RE/Malware analysis)

fiddler (Fiddler - RE/Malware analysis)

fileinsight (McAfee - RE/Malware analysis)

floss (FireEye - RE/Malware analysis)

gdb (gdb - RE/Malware analysis)

hiew32demo (Hiew - RE/Malware analysis)

hiew32 (Hiew - RE/Malware analysis)

hollows_hunter (hollows hunter - RE/Malware analysis)

idaq64 (IDA - RE/Malware analysis)

idaq (IDA - RE/Malware analysis)

idr (InsightDR? - RE/Malware analysis)

ildasm (IL Disassembler - RE/Malware analysis)

ilspy (ILSpy - RE/Malware analysis)

jd-gui (Java Decompiler - RE/Malware analysis)

lordpe (LordPE - RE/Malware analysis)

officemalscanner (Officemalscanner - RE/Malware analysis)

ollydbg (OllyDbg - RE/Malware analysis)

pdfstreamdumper (PDFStreamDumper - RE/Malware analysis)

pe-bear (PE-bear - RE/Malware analysis)

pebrowse64 (Pebrowser - RE/Malware analysis)

peid (PeiD - RE/Malware analysis)

pe-sieve32 (PE-sieve - RE/Malware analysis)

pe-sieve64 (PE-sieve - RE/Malware analysis)

pestudio (pestudio - RE/Malware analysis)

peview (Peview - RE/Malware analysis)

pexplorer (Pexplorer - RE/Malware analysis)

ppee (PPEE - RE/Malware analysis)

ppee (PPEE - RE/Malware analysis)

procdump64 (ProcDump - RE/Malware analysis)

procdump (ProcDump - RE/Malware analysis)

processhacker (Process Hacker - RE/Malware analysis)

procexp64 (Process Explorer - RE/Malware analysis)

procexp (Process Explorer - RE/Malware analysis)

procmon (ProcMon - RE/Malware analysis)

prodiscoverbasic (ProDiscovery - Forensics)

py2exedecompiler (Py2ExeDecompiler - RE/Malware analysis)

r2agent (Radare2 - RE/Malware analysis)

rabin2 (Radare2 - RE/Malware analysis)

radare2 (Radare2 - RE/Malware analysis)

ramcapture64 (Ram Capturer - Forensics)

ramcapture (Ram Capturer - Forensics)

reflector (Red Gate Reflector - RE/Malware analysis)

regmon (RegMon - RE/Malware analysis)

resourcehacker (Resource Hacker - RE/Malware analysis)

retdec-ar-extractor (Avast RetDec - RE/Malware analysis)

retdec-bin2llvmir (Avast RetDec - RE/Malware analysis)

retdec-bin2pat (Avast RetDec - RE/Malware analysis)

retdec-config (Avast RetDec - RE/Malware analysis)

retdec-fileinfo (Avast RetDec - RE/Malware analysis)

retdec-getsig (Avast RetDec - RE/Malware analysis)

retdec-idr2pat (Avast RetDec - RE/Malware analysis)

retdec-llvmir2hll (Avast RetDec - RE/Malware analysis)

retdec-macho-extractor (Avast RetDec - RE/Malware analysis)

retdec-pat2yara (Avast RetDec - RE/Malware analysis)

retdec-stacofin (Avast RetDec - RE/Malware analysis)

retdec-unpacker (Avast RetDec - RE/Malware analysis)

retdec-yarac (Avast RetDec - RE/Malware analysis)

rundotnetdll (RunDotNetDLL - RE/Malware analysis)

sbiesvc (Sandboxie - Virtualization/container)

scdbg (SCDBG - RE/Malware analysis)

scylla_x64 (Scylla - RE/Malware analysis)

scylla_x86 (Scylla - RE/Malware analysis)

shellcode_launcher (Shellcode Launcher - RE/Malware analysis)

solarwindsdiagnostics (SolarWinds - dev/test)

sysmon64 (Sysmon - EDR)

sysmon (Sysmon - EDR)

task explorer (Task Explorer - RE/Malware analysis)

task explorer-64 (Task Explorer - RE/Malware analysis)

tcpdump (tcpdump - RE/Malware analysis)

tcpvcon (TCPView - RE/Malware analysis)

tcpview (TCPView - RE/Malware analysis)

vboxservice (VirtualBox - Virtualization/container)

win32_remote (IDA - RE/Malware analysis)

win64_remotex64 (IDA - RE/Malware analysis)

windbg (WinDbg (Microsoft) - RE/Malware analysis)

windump (WinPcap WinDump - RE/Malware analysis)

winhex64 (WinHex - RE/Malware analysis)

winhex (WinHex - RE/Malware analysis)

winobj (WinObj - RE/Malware analysis)

wireshark (Wireshark - RE/Malware analysis)

x32dbg (x64dbg - RE/Malware analysis)

x64dbg (x64dbg - RE/Malware analysis)

xwforensics64 (X-Ways Forensics - RE/Malware analysis)

xwforensics (X-Ways Forensics - RE/Malware analysis)

redcloak (Red Cloak / SecureWorks - EDR)

avgsvc (AVG - Antivirus)

avgui (AVG - Antivirus)

avgsvca (AVG - Antivirus)

avgidsagent (AVG - Antivirus)

avgsvcx (AVG - Antivirus)

avgwdsvcx (AVG - Antivirus)

avgadminclientservice (AVG - Antivirus)

afwserv (Avast - Antivirus)

avastui (Avast - Antivirus)

avastsvc (Avast - Antivirus)

aswidsagent (Avast/AVG - Antivirus)

aswidsagenta (Avast/AVG - Antivirus)

aswengsrv (Avast/AVG - Antivirus)

avastavwrapper (Avast - Antivirus)

bccavsvc (Avast - Antivirus)

psanhost (Panda Security - EDR)

psuaservice (Panda Security - EDR)

psuamain (Panda Security - EDR)

avp (Kaspersky - Antivirus)

avpui (Kaspersky - Antivirus)

ksde (Kaspersky - EDR)

ksdeui (Kaspersky - EDR)

tanium (Tanium - EDR)

taniumclient (Tanium - EDR)

taniumdetectengine (Tanium - EDR)

taniumendpointindex (Tanium - EDR)

taniumtracecli (Tanium - EDR)

taniumtracewebsocketclient64 (Tanium - EDR)

cybkerneltracker.sys (CyberArk - EDR)

atrsdfw.sys (Altiris / Symantec - EDR)

eaw.sys (Raytheon Cyber Solutions - EDR)

rvsavd.sys (OPSWAT / CJSC Returnil - EDR)

dgdmk.sys (Verdasys - EDR)

sentinelmonitor.sys (SentinelOne - EDR)

hexisfsmonitor.sys (Hexis Cyber Solutions - EDR)

groundling32.sys (Dell Secureworks - EDR)

groundling64.sys (Dell Secureworks - EDR)

safe-agent.sys (SAFE-Cyberdefense - EDR)

crexecprev.sys (Cybereason - EDR)

psepfilter.sys (Absolute Software - EDR)

cve.sys (Absolute Software Corp. - EDR)

brfilter.sys (Bromium - App allowlisting)

brcow_x_x_x_x.sys (Bromium - App allowlisting)

lragentmf.sys (LogRhythm - EDR)

libwamf.sys (OPSWAT - EDR development)

4 comments
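A practical defensive use of the list above is to audit your own analysis VM: any tool on it that is running under its stock name would be noticed by the backdoor, so the sample goes quiet and you learn nothing. The following is an added example (my code, not from the post or the SUNBURST-Cracked repository); the blocklist is a constructed subset of the names quoted in the post, and the process/driver snapshot is constructed sample input.

```python
"""Audit a process/driver snapshot against the SUNBURST tool blocklist.
Added example, not code from the thread or from SUNBURST-Cracked.
Run it against an analysis VM to see which tools to rename or hide
before detonating a sample that carries this kind of check."""
from collections import defaultdict

# Constructed subset of the names in the post, keyed to the category given there.
BLOCKLIST = {
    "procmon": "RE/Malware analysis", "procexp": "RE/Malware analysis",
    "x64dbg": "RE/Malware analysis", "wireshark": "RE/Malware analysis",
    "idaq64": "RE/Malware analysis", "pe-sieve64": "RE/Malware analysis",
    "autoruns64": "RE/Malware analysis", "sysmon64": "EDR",
    "sysmon": "EDR", "taniumclient": "EDR", "redcloak": "EDR",
    "avp": "Antivirus", "avastsvc": "Antivirus",
    "vboxservice": "Virtualization/container",
    "sentinelmonitor.sys": "EDR", "groundling64.sys": "EDR",
}

def normalize(name: str) -> str:
    """Lower-case and drop '.exe' so 'ProcMon.exe' compares as 'procmon';
    keep '.sys' because the list keys drivers on that suffix."""
    name = name.strip().lower()
    return name[:-4] if name.endswith(".exe") else name

def audit(snapshot):
    """Return {category: sorted matching names} for the given snapshot."""
    hits = defaultdict(set)
    for raw in snapshot:
        n = normalize(raw)
        if n in BLOCKLIST:
            hits[BLOCKLIST[n]].add(n)
    return {cat: sorted(names) for cat, names in hits.items()}

# Constructed snapshot: process image names plus loaded driver names.
SAMPLE_SNAPSHOT = ["explorer.exe", "ProcMon.exe", "x64dbg.exe", "Sysmon64.exe",
                   "VBoxService.exe", "SentinelMonitor.sys", "notepad.exe"]

if __name__ == "__main__":
    for cat, names in audit(SAMPLE_SNAPSHOT).items():
        print(f"{cat}: {', '.join(names)}")
```

On a live Windows host, feed `audit()` the image names from the process list and the loaded driver list instead of `SAMPLE_SNAPSHOT`.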

https://github.com/Finch4/Malware-Analysis-Reports/tree/main/03.01.2021/Agent%20Tesla%20Dropper

P.S.: This is my first report, unfortunately incomplete at the moment; please don't be rude, any constructive suggestion is accepted. Thanks u/Struppigel for your support.

*Unfortunately

7 comments

Hi, I'm currently still studying from various resources (see my previous post for some info), but I need more answers about finding a job. My plan is to do some practice, write some reports and then try to find a job. I already have the basic requirements of a Junior position (according to the requirements written in a job opportunity that I saw while searching on LinkedIn, like Dr.Web or others), but I'm just 17 and the big problem is that I'm Italian; I don't think there are a lot of job opportunities here. What can I do?

27 comments

Hello internet!

I'm looking for resources about ransomware detection. I found a lot of "good practice" and "how to use our commercial ransomware protection", but not so much on how you can technically detect ransomware. If you have any advice and/or good resources I would be grateful :)

23 comments

Hi, so because I'm having some difficulties with crypto, I tried to write a representation in Python of RC4 in the hope that it can also help others.

s = [31,26,7,10,23,3,20,30,14,4,16,15,29,8,2,9,21,19,11,6,12,17,25,24,0,22,13,27,5,1,28,18] # This will be our array of data

Now let's declare the counters manually:

i = 0

j = 0

Ok, first step is: add one to i:

i = (i + 1) % len(s) # RC4 wraps the counter around the array length

Second step: Add the value of s[i] to j

j = (j + s[i]) % len(s) # j starts at 0 here, so this gives j = s[i] = 26

Third step: swap the value of s[i] with s[j]:

value_of_i = s[i] # Save the values for the swap

value_of_j = s[j]

s[i] = value_of_j # Swapping the values

s[j] = value_of_i

Let's check the array:

>>> s

[31, 13, 7, 10, 23, 3, 20, 30, 14, 4, 16, 15, 29, 8, 2, 9, 21, 19, 11, 6, 12, 17, 25, 24, 0, 22, 26, 27, 5, 1, 28, 18]

Nice, everything worked. Now the fourth and last step: add s[i] and s[j] and take the result mod the length of the array (% len(s)), so:

index_RC4 = (s[i] + s[j])%len(s)

Check the value:

>>> index_RC4

7

Now let's get the value from the array:

encrypted_value = s[index_RC4]

>>> encrypted_value

30

Nice, everything went fine, you can watch everything I did in this video

P.S.: If there are errors, tell me. I hope this can help someone.

0 comments
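The post above walks through a single keystream step by hand. As an added example (my code, not the poster's), here is the same step generalised into a full RC4 key schedule and keystream generator over an n-element state; it reproduces the poster's value 30 from their 32-element array with i = j = 0, and checks the standard "Key"/"Plaintext" test vector.

```python
"""RC4 key scheduling (KSA) and keystream generation (PRGA).
Added example generalising the single step in the post; not the poster's code."""

def rc4_ksa(key: bytes, n: int = 256) -> list:
    """Start from the identity permutation 0..n-1 and scramble it with the key."""
    s = list(range(n))
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]
    return s

def rc4_prga_step(s: list, i: int, j: int):
    """One keystream step on state s (modified in place). Returns
    (keystream_value, i, j) so the caller can carry the counters forward."""
    n = len(s)
    i = (i + 1) % n                      # step 1: advance i
    j = (j + s[i]) % n                   # step 2: add s[i] to j (mod n)
    s[i], s[j] = s[j], s[i]              # step 3: swap s[i] and s[j]
    return s[(s[i] + s[j]) % n], i, j    # step 4: output s[(s[i] + s[j]) mod n]

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: RC4 is symmetric, the keystream is XORed in."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        k, i, j = rc4_prga_step(s, i, j)
        out.append(byte ^ k)
    return bytes(out)

# The poster's 32-element state, copied from the post.
POST_STATE = [31, 26, 7, 10, 23, 3, 20, 30, 14, 4, 16, 15, 29, 8, 2, 9, 21, 19,
              11, 6, 12, 17, 25, 24, 0, 22, 13, 27, 5, 1, 28, 18]

def first_step_of_post():
    """Run one PRGA step from i = j = 0 on the poster's array; returns (value, state)."""
    s = list(POST_STATE)
    k, _, _ = rc4_prga_step(s, 0, 0)
    return k, s

if __name__ == "__main__":
    print(first_step_of_post()[0])            # 30, as in the post
    print(rc4(b"Key", b"Plaintext").hex())    # bbf316e8d940af0ad3
```

Note that a real RC4 state is a 256-byte permutation produced by the KSA from the key; the poster's 32-element array is only a stand-in to make the arithmetic easy to follow.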

Hi. This morning I got a notification that my phone (Motorola One Zoom) has malware in Bluetooth and I can't figure out how to get rid of it. Also I couldn't find anything about it on the internet, so I hope someone could help me here. Thanks.

9 comments

It was quite useful in malware research. In my case, it was useful for writing McAfee VSE/ePO rules for an MSP.

2 comments

I'm just starting to learn about Mac malware, so I'm not sure what other options I might be missing. Any.run, CrowdStrike Falcon, and the free Estonian Cuckoo.cert.ee only seem to have Windows and Linux and/or Android. (It seems that setting up your own Cuckoo sandbox is quite a headache, so that doesn't seem worth attempting for just beginner-stage learning/research.)

If you've used Joe Sandbox extensively for the Mac options, could you share any insights/tips? Also, what's the pricing like for CloudPro? (It's not listed on the website.) Has anyone been able to get a student/researcher plan?

Re: VMRay's analyzer, I see that it has an option to simulate a reboot, which seems like a unique but important feature among the tools I've looked at so far. Are there other tools that can do that?

Thanks very much for the help.

0 comments

Hello.
Today, I experienced something quite unusual.
When I was strolling around YouTube, with no other tabs open, I heard "Hello, I'm just a voice, playing in a distant tab." I quickly tried looking around to see if I had a tab open with some sort of YouTube video playing, meant to scare people. After about 2-3 minutes of looking in Task Manager for any hidden tabs, I found nothing that could have emitted the voice that suddenly played. Has anyone experienced this, or have you ever heard about something that could be a possible lead to this? I checked my anti-virus and found a couple of hits, but they were all from the cheats that I was using, already in quarantine way before I heard the voice playing.
What could this be?

3 comments