Malware Analysis Collective Intelligence

During reverse engineering and incident response procedure it is always advisable to detect about malware activities which can hint on various processes. Here are some of the collective intelligence for malware sample sites which are helpful to understand about malware domains , malware IOCs.

Malware Analysis Websites and Blogspots

  1.   Unit 42 :
    • Latest research reports and news from Unit 42, the Palo Alto Networks () Threat Intelligence Team.
    • This blogspot provides updated malware analysis with the help of MISP – [Malware  Information Sharing Platform and Threat Sharing] platform.
  2. :
    • A really good and old blogspot managed by Brad @malware_traffic
      Since the summer of 2013, this site has published over 1,100 blog entries about malware or malicious network traffic.  Almost every post on this site has pcap files or malware samples (or both)
  3. :
    • Malware analysis blogspot managed by @dvk01uk and good hangout for exploit kits as well as Botnet analysis.
  4. :
    • Blogspot managed by Arnaud Delmas – French Security Engineer / Reverser for Malware analysis / Reverse engineering
  5. :
    • Good resource for malware analysis and managed by Vitali Kremez – Reverse Engineer / Director of Research |
    • Malware analysis blogspot managed by @HazMalware consists of analysis for Malware , Malcious Documents, Reverse Engineering.
  8.   theZoo 
    •  theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.
    • This website is a resource for security professionals and enthusiasts also consists of malware domains and IOCs like crypto mining, Ransom, Fake.PCN, Malspam, Trojan.Backdoor, Gateway to Exploit Kits , C & C domains.
  9. :
  10. :
    • Blogspot managed by @Zerophage1337 Presenting exploit kits such as Rig and the malware they drop in a different way.
    • This website provides ZeuS BinaryURLs, ZeuS C&C servers tracked
    • Website is a Good resource for Md5 VirusTotal Report, malware IOCs, domain lists.
    • This website consists of list of new dangerous domains and subdomains.
    • This site is providing access to database which contains data such as: URL, MD5, IP, TLD.
    • ThreatLog is a service developed by NoVirusThanks Company Srl that keeps track of malicious activity detected by internal honeypots and sandboxes or submitted by users.
    • Website log malicious domains associated with malware, phishing, scam, fraud and spam.
    • consists of Latest malware URL found by Anti-Virus Cloud engine.
    • This site is a useful resources consists of 29,472,066 samples currently.
    • Website consists of malware entries categorised as Iframes, redirections and javascript.
    • This website consists of database of malicious URLs.
    • This website is a resource for malicious URLs, IOCs and samples.
    • A free Malware repository providing researchers access to samples, malicous feeds and Yara results.
    • Website is a resource for MD5, SHA1 hashes of various malwares.
    • Resource for a malware analysis service and malware repository currently the database contains 4,950,528 samples.
    • A collection of computer malware samples (for PC) except Android.
    • Resource for 1189071 malware domains.
    • Malware repository for search via MD5, SHA1, SHA256, or an antivirus name.
    • Repository for malware samples, payloads, file details and MD5 hashes.
    • Malware Corpus Tracker – Malicious Download Sites
    • DAS MALWERK collects executable malware from all kinds of shady places on the internet.
    • Resource for malware samples, APT campaigns.
  14.   ring0x0/honeydrops : An automated collection and analysis of malware from honeypots managed by Derrick @Ring0x0  – threat researcher

Automated Malware Analysis Sandboxes and Services

  1. :
    • This service currently detects 499 different ransomwares
  2. Malwr
    • Consists of  total of 789487 public analyses.
    • Cuckoo sandbox Repository for malware analysed samples.
  4. VxStream Sandbox
    • VxStream Sandbox Repository for malware samples.
  5. ThreatExpert
  6. Akana
    • Resources for online malware samples of android apk files
  7.  Valkyrie
    •  Valkyrie conducts several analysis using run-time behavior and hundreds of features from a file and based on analysis results can warn users against malware undetected by classic Anti-Virus products.
  8. Detux Sandbox
    • Analyze linux malwares on x86, x86-64, ARM, MIPS and MIPSEL cpu architecture.
  9. Joe Sandbox Cloud
    • Repository for analysed malware samples.
  10. ViCheck
    • Consists of uploading samples of suspected malware to be fed into analysis network and report back.


Twitter Accounts to follow for updated analysis

Here we are presenting lists of some of the malware hunters which will provide updated analysis.

  1.  Kafeine @kafeine : Twitter handle for blogspot which a good resource for malware hunting and analysis with the help of MISP platform.
  2. Costin RaiuVerified account @craiu : Romanian antihacker; chief paleontologist; director of Global Research and Analysis Team at Kaspersky Lab
  3.  Microsoft MMPC @msftmmpc : Twitter handle for Microsoft Malware Protection Center.
  4.  Eyal Sela @eyalsela : Head of Threat Intelligence at ClearSky.
  5.  My Online Security @dvk01ukWindows Insider MVP | Security Alerts | virus Alerts | Malspam alerts
  6.  Zerophage @Zerophage1337Presenting exploit kits such as Rig and the malware they drop in a different way.
  7.  zerosum0x0 @zerosum0x0security researcher, internals abuser, exploit+shellcode  author, speaker
  8.  EKTracker @baberpervez2 :  Exploit Kit Malware Meta Data Tracker.
  9.  Michael Gillespie @demonslay335Hunter. Creator of ID Ransomware.
  10.  MalwareHunterTeam @malwrhunterteamOfficial MHT Twitter account.
  11.  DevSec#H1 @OpDevSec  :  |
  12.  illegalFawn @illegalFawn Good hanging spot for phishing analysis.
  13.  JAMESWT @JAMESWT_MHT RansomWare and Malware analyst.
  14.  Vitali Kremez @VK_Intel – Ethical Hacker | Reverse Engineer | Director of Research |
  15.  Brad @malware_traffic – Sharing information on malicious network traffic and malware samples
  16. Benkow moʞuƎq @benkow_  – Tracker
  17. Kimberly @StopMalvertisin – Stop Malvertising investigates current malware trends and the distribution of malware exploits. Senior Threat Analyst at Proofpoint.
  18. MinotaurAnalysis @Minotr_Analysis :  Community Malware Analysis Platform which provides automated malware analysis with malware factor and confidence factor, complete list can be accessed here

One thought on “Malware Analysis Collective Intelligence

Comments are closed.

%d bloggers like this: