Armas Para Hacking | Malware Analisis

Cerca de navidad y nosotros en RedBird con nuestras cosas, en este caso con ayuda de un viejo amigo, les presentamos esta recopilación de herramientas y recursos para el análisis de malware.

Contenido del Post

• 1.- Lista de malware y bases de datos
• 2.- Análisis de malware en tiempo real
• 3.- Herramientas para análisis de sitios web
• 4.- Blacklists y IPs dañinas
• 5.- Sandbox
• 6.- Discontinuados
• 7.- Análisis de PDF/DOC/PDF/JS

1.- Lista de malware y bases de datos

• https://github.com/rshipp/awesome-malware-analysis
• http://www.malwaredomainlist.com/mdl.php
• http://www.malwareblacklist.com/showMDL.php
• http://support.clean-mx.de/clean-mx/viruses.php
• http://malc0de.com/database/
• https://zeustracker.abuse.ch/monitor.php?browse=binaries
• https://spyeyetracker.abuse.ch/monitor.php?browse=binaries
• http://amada.abuse.ch/palevotracker.php
• http://www.sacour.cn/showmal.asp?month=8year=2012
• http://malwaredb.malekal.com/ (requiere registro)
• http://blog.urlvoid.com/new-list-of-dangerous-websites-to-avoid
• http://www.scumware.org
• http://secuboxlabs.fr
• http://www.threatlog.com
• http://minotauranalysis.com/exetweet/
• http://minotauranalysis.com/malwarelist.php
• http://adminus.net
• http://jsunpack.jeek.org/?list=1
• http://blackip.ustc.edu.cn/bytime.html
• http://www.malwareint.com
• http://www.blade-defender.org/eval-lab
• http://www.malwareurl.com/ (requiere registro gratuito)
• http://www.offensivecomputing.net/ (requiere registro gratuito)
• http://contagiodump.blogspot.com/ (malware para móviles)
• http://virussign.com/downloads.html (registro requerido)
• http://www.nothink.org/viruswatch.php
• http://dashke.blogspot.com/
• http://malware.lu/ (registro requerido para descarga)
• http://www.nictasoft.com/ace/malware-urls/
• http://reviewsantivirus.blogspot.com/
• http://virusshare.com/
• http://labs.sucuri.net/
• http://freelist.virussign.com/freelist/
• https://malware.dontneedcoffee.com/blog/

eBook - 10 Exploit de Ingeniería Social

2.- Análisis de malware en tiempo real

• AMAaaS (Android files)
• Any.run (Community Edition)
• Binary Guard True Bare Metal
• Intezer Analyze (Community Edition)
• IRIS-H (focuses on document files)
• CAPE Sandbox
• Comodo Valkyrie
• Detux Sandbox (Linux binaries)
• Joe Sandbox Cloud (Community Edition)
• sandbox.pikker.ee
• SecondWrite (free version)
• SNDBOX
• Hybrid Analysis
• ThreatTrack
• ViCheck
• VirusTotal
• Metadefender OPSWAT

3.- Herramientas para análisis de sitios web

• AbuseIPDB
• BrightCloud URL/IP Lookup
• Comodo Web Inspector
• Desenmascara.me
• FortiGuard lookup
• Google Safe Browsing
• hashdd
• IBM X-Force Exchange
• Joe Sandbox URL Analyzer
• Is It Hacked
• IsItPhishing
• Kaspersky VirusDesk
• KnownSec
• Norton Safe Web
• Palo Alto Networks URL Filtering
• PhishTank
• Malware Domain List
• MalwareURL
• McAfee TrustedSource
• MxToolbox
• Open Threat Exchange
• PassiveTotal
• Pulsedive
• Quttera ThreatSign
• Reputation Authority
• Scamadviser
• Sucuri SiteCheck
• Talos Reputation Lookup
• Trend Micro Site Safety Center
• Unmask Parasites
• URL Query
• urlscan.io
• URLVoid y IPVoid
• VirusTotal
• vURL
• ThreatMiner
• WebPulse Site Review
• Zscaler Zulu URL Risk Analyzer

4.- Blacklists y IPs dañinas

• Apility.io
• Artists Against 419
• ATLAS from Arbor Networks
• Blackweb Project: Optimizado para Squid
• CLEAN-MX Realtime Database
• CriticalStack Intel Marketplace
• CYMRU Bogon List
• DShield Blocklist
• FireHOL IP List
• Google Safe Browsing API
• hpHosts File
• Malc0de Database
• Malware Domain Blocklist
• MalwareDomainList.com Hosts List
• Malware Patrol’s Malware Block Lists
• MalwareURL List
• OpenPhish
• PhishTank Phish Archive
• Project Honey Pot’s Directory of Malicious IPs
• Risk Discovery
• Scumware.org
• Shadowserver IP and URL Reports:
• Squidblacklist.org
• URLhaus
• VoIP Blacklist
• ZeuS Tracker Blocklist y URLs
• www.BlockList.de

5.- Sandbox

• Anlyz https://sandbox.anlyz.io
• Any.run https://app.any.run
• Comodo Valkyrie (https://valkyrie.comodo.com)
• Hybrid Analysis (Falcon Sandbox) (http://www.hybrid-analysis.com/)
• Intezer Analyze https://www.intezer.com
• SecondWrite Malware Deepview https://www.secondwrite.com
• ViCheck https://vicheck.ca/ (static analysis)
• Jevereg (Amnpardaz Sandbox) http://jevereg.amnpardaz.com/
• IObit Cloud http://cloud.iobit.com
• ThreatTrack ThreatAnalyzer: https://www.threattrack.com/malware-analysis.aspx
• VMRay Analyzer: https://www.vmray.com

6.- Discontinuados

• Anubis http://anubis.iseclab.org/ (discontinued)
• BinaryGuard (TBM Cloud Sandbox) http://www.binaryguard.com
• Tried to register, but its website does not work.
• BitBlaze http://bitblaze.cs.berkeley.edu/(discontinued)
• Comodo Instant Malware Analysis http://camas.comodo.com/ (discontinued)
• Deepviz (https://sandbox.deepviz.com/) (services cannot be subscribed anymore)
• Eureka http://eureka.cyber-ta.org/(discontinued)
• Malwr (Cuckoo Sandbox) (http://malwr.com/) (down)
• ThreatExpert Automated Threat Analysis (redirects to symantec.com) (http://www.threatexpert.com/)
• Viper https://viper.malwareconfig.com/ (down)

7.- Análisis de PDF/DOC/PDF/JS

• Malware Tacker Cryptam Document Scanner (http://www.malwaretracker.com/doc.php)
• ViCheck https://vicheck.ca/
• XecScan (http://scan.xecure-lab.com/)
• MASTIFF Online (https://mastiff-online.korelogic.com)
• Malware Tracker PDF Examiner (http://www.malwaretracker.com/pdf.php)
• Android Sandboxes / Analyzers:
• Akana http://akana.mobiseclab.org
• AndroTotal https://andrototal.org
• SandDroid http://sanddroid.xjtu.edu.cn
• Nviso https://apkscan.nviso.be/
• Detux Multiplatform Linux Sandbox http://detux.org/