Malware | I.R | T.H | T.I | Resources

Network Analysis Tools
1. Wireshark
  1. Windows. MacOs, Linux
2. NetworkMiner
  1. Windows
3. Network Monitor
  1. Windows
4. Fiddler
  1. Windows
5. FakeNet
  1. Windows, Linux
6. INetSim
  1. Linux
7. ApateDNS
  1. Windows
8. Free
Reverse Engineering Tools
1. IDA
  1. Windows
    1. Windows
2. Cutter
  1. Windows
3. Radare
  1. Linux
4. Ghidra
  1. All Os Patform
5. Free
6. Paid/Free
Yara Tools
1. Yara
2. Yara Doc
3. Yara Gen
4. Free
Dynamic Analysis Tools
1. Sysinternals
  1. Windows
2. Process Hacker
  1. Windows
3. NirSoft
  1. Windows
4. RegRipper
  1. Windows
5. Regshot
  1. Windows
6. Resource Hacker
  1. Windows
7. HxD
  1. Windows
8. Sysanalyzer
  1. Windows
9. Winaudit
  1. Windows
10. Capturebat
  1. Windows
11. Object-See
  1. MacOs
12. Free
Memory Analysis Tools
1. Volatility
  1. Windows, MacOS, Linux
2. Rekall
  1. Windows, MacOS, Linux
3. Redline
  1. Widows
4. Free
APT's Reference:
1. Attack Mitre
2. Threat Actor Encyclopedia
3. Cyber Research
4. ATP Google Sheet
5. FireEye
6. CyberMonitor
7. Florian Roth
8. MalPedia
9. Threat Actor Encyclopedia V 2.0
10. A Threat Actor Encyclopedia
11. APT_Digital_Weapon
12. Contains Malware Samples
Threat Hunting
1. Threat Hunting Reference
  1. Attack&Ck
  2. The ThreatHunting Project
  3. HUNTPEDIA
2. Threat Hunting Practical Activities
  1. EVTX-ATTACK-SAMPLES
  2. Atomic Red Team
  3. ThreatHunt
  4. RedHunt OS
  5. Red Team Automation (RTA)
  6. CALDERA™
  7. PowershellEmpire
3. Threat Hunitng Videos
  1. Adrian Crenshaw
  2. SANS Threat Hunting Summit 2017
  3. SANS Threat Hunting Summit 2016
  4. Toppling the Stack
  5. James Bower
  6. Red Canary
4. Threat Hunting Tools
  1. ELK
  2. HELK
  3. Sysmon
  4. Osquery
  5. ThreatPursuit VM
  6. Free
5. Threat Hunting Course
  1. Cyber Threat Hunting by FireEye
  2. Incident Response and Threat Hunting By SANS
  3. Practical Threat Hunting
  4. Adversary Tactics: Detection by SpecterOps
  5. Adversary Tactics: PowerShell by SpecterOps
  6. Advanced Threat Tactics – Course and Notes
  7. Paid
  8. Free
6. LOLBAS/GTFOBins
  1. LOLBAS
  2. GTFOBins
7. Threat Hunting Blogposts
  1. Red Teaming Experiments
  2. MITRE & ATT&CK
  3. RedCanary
  4. RedCanary Case Studies
  5. Uptycs Blog
Malware Samples
1. VirusBay
  1. Registration
    1. support@virusbay.io
2. Malpedia
  1. Registration
    1. daniel.plohmann@fkie.fraunhofer.de
3. Malshare
  1. Registration
4. TheZoo
  1. No
5. VirusShare
  1. Registration
    1. admin@virusshare.com
6. VX Vault
  1. Registration
7. Cyber Tracker
  1. No
8. Virus Sign
  1. Registration
9. Malware Traffic Analysis
  1. No
10. Contagio
  1. No
11. APT-Sample
  1. No
12. LOLBAN Samples
  1. No
13. Tracker.VirusShare
  1. No
14. MalwareBazzar
  1. Registration
15. Contains Malware Samples
Books:
1. Practical Malware Analysis
2. Learning Malware Analysis
3. Malware Analysis and Detection Engineering
4. Mastering Malware Analysis
5. Practical Reverse Engineering
6. The Art of Memory Forensics
7. Windows Internals, Part 1
8. The IDA Pro Book, 2nd Edition
9. Reverse Engineering for Beginners
10. Paid
11. Free
CTF's
1. Flare-On Challenge
2. Join ESET
3. Beginner Malware Reversing Challenges
4. Reverse Engineering challenges
5. 0x00sec
6. CTF Field Guide
7. MemLabs
Portable Executable [PE] Analysis Tools
1. PE Bear
  1. Windows
2. PortEx
  1. Windows
3. Manalyze
  1. Windows
4. PE Studio
  1. Windows
5. Mastiff
  1. Windows
6. Exeinfo PE
  1. Windows
7. CFF Explorer
  1. Windows
8. PE Tools
  1. Windows
9. FileAlyzer
  1. Windows
10. PE Explorer
  1. Windows
11. PE Insider
  1. Windows
12. PE View
  1. Windows
13. Chimprec
  1. Windows
14. PEID
  1. Windows
15. DIE
  1. Windows. MacOs, Linux
16. Free
File Carving Tools
1. Bulk Extractor
  1. Linux, MacOs
2. EVTXtract
  1. Windows
3. Foremost
  1. Linux, MacOs
4. Hachiir3
  1. All Os Patform
5. Free
Twitter Handle to follow
1. Cyb3rops
2. Fs0c131y
3. Hasherezade
4. Herrcore
5. Lenny Zeltser
6. LiveOverflow
7. Malware Unicorn
8. MalwareTech
9. Ophir Harpaz
10. Samir
11. Sean
12. USCYBERCOM Malware Alert
13. MalwareHunterTeam
14. Shadow Chaser Group
15. vx-underground
YouTube Channel for Malware Analysis
1. OALabs
2. Kindred Security
3. Colin Hardy
4. MalwareAnalysisForHedgehogs
5. Michael Gillespie
6. ReverseIT
7. LiveOverflow
8. hasherezade
9. John Hammond
10. MalwareTech
11. RSA Conferenc
12. Active Channels
Online Sandbox
1. Malpedia
  1. Registration
    1. All os platform
2. Joe SandBox
  1. No
    1. All os platform, Url analyze
3. MalwareBazzar
  1. Yes
    1. Document Analyzer, File Analyze
4. Hybrid Analysis
  1. Yes
    1. All os platform, Url analyze
5. Any Run
  1. User Preference
    1. All os platform, Url analyze
6. Yomi
  1. Yes
    1. Document Analyzer, File Analyze
7. Hatching
  1. Yes
    1. All os platform, Url analyze
8. Cuckoo
  1. No
    1. All os platform, Url analyze
9. Sndbox
  1. Yes
    1. All os platform, Url analyze
10. Virus Total
  1. User Preference
    1. All os platform, Url analyze
11. UrlScan
  1. User Preference
    1. Url analyze
12. Checkphish
  1. User Preference
    1. Url analyze
13. Url Void
  1. No
    1. Url analyze
14. TotalHash
  1. No
    1. Hash Analyzer, IP Analyzer, Domain Analyzer
15. Intezer
  1. Yes
    1. All os platform
16. Maltiverse
  1. Yes
    1. IOC Search engine
17. Malware Sample can download
Memory Acquisition Tools
1. Redline
  1. Widows
2. Belkasoft
  1. Widows
3. Magnet
  1. Widows
4. Ftk Imager
  1. Windows, MacOS
5. Dumpit
  1. Widows
6. LiME
  1. Linux
7. Free
Deobfuscation Tools
1. Decalage
2. De4dot
3. Floss
4. PackerAttacker
5. Unpaker
6. VirtualDeobfuscator
7. XORSearch & XORStrings
8. Unpca.Me
9. Free
10. Registration
Classes/Labs
1. PracticalMalwareAnalysis-Labs
2. Reverse Engineering 101
3. Intro to x86
4. Intro to x86-64
5. Malware Dynamic Analysis
6. Introduction To Software Exploits
7. Intermediate Intel x86
8. Reverse Engineering Malware
9. RPISEC
10. Reverse Engineering 101 Speaker Presentation
11. Reverse Engineering 101 NYU:Poly 2010 (Day 1)
12. Reverse Engineering 101 NYU:Poly 2010 (Day 2)
13. Reverse Engineering for Beginners
14. Malware Analysis
15. Reverse Engineering for Beginners
16. Malware Analysis - CSCI 4976
17. Max Kersten
18. Free
Document Analysis Tools
1. Ole Tool
2. Didier's PDF Tools
3. Origami
4. REMnux
  1. Linux Virtual OS
5. PDF
6. ViperMonkey
7. Free
Disassembler Tools
1. X64
  1. Widows
2. OllyDbg
  1. Widows
3. ILSpy
  1. Widows
4. DNSpy
  1. Widows
5. GDB
  1. All Os Platform
6. Binary Ninja
  1. All Os Platform
7. Qira
  1. Linux
8. Free
Offline Sanbox
1. Cuckoo
  1. All Os Platform
    1. Document Analyzer, File Analyzer
2. Limone
  1. Widows
    1. Document Analyzer, File Analyzer, Memory Analyzer
3. Noriben
  1. Widows
    1. Document Analyzer, File Analyzer
4. Assemblyline 4
  1. Widows
    1. Document Analyzer, File Analyzer
5. Free
Malware Analysis Course
1. Malware Analysis Master Course
2. FOR610
3. Malware Analysis Mindset Training
4. Reversing & Malware Analysis Training
5. Advanced Malware Analysis Training
6. Paid
7. Free
Threat Intelligence/ RSS Feeds
1. badips.com
2. bambenekconsulting for domain
3. bambenekconsulting for IP
4. blocklist
5. blocklistnetua
6. botvrij for domain
7. botvrij for IP
8. charlesthehaleys
9. CiArmy.com
10. cinsscore
11. cybercrimetracker
12. dan_me
13. danger.rulez.sk
14. disconnect.me
15. dshield.org
16. dydns
17. emergingthreats for botcc
18. fedotracker
19. greensnow
20. h3xtracker
21. hphosts for malware
22. iblocklist
23. ibmxforce
24. intercept.sh
25. intercept.sh
26. malc0de
27. malware_traffic
28. malwared.malwaremustdie.org
29. malwaredomainlist
30. openphish
31. phishtank
32. botherder
33. stamparm
34. report.cs.rutgers.edu
35. rules.emergingthreats.net
36. sslbl.abuse.ch
37. threatsourcingdomain
38. threatsourcingip
39. torstatus
40. urlhaus
41. urlvir IP
42. urlvir Host
43. vxvault
44. whoisds
45. www.binarydefense.com
46. zerodot for Domain
47. zerodot for IP
48. Free/Online
Virtual Machines (VMs)
1. Virtual Environment
  1. Windows
2. OsBoxes
  1. Linux
    1. username is 'osboxes.org' and the password is 'osboxes.org'.
3. Flare VM (FireEye)
  1. Windows
4. OA Labs VM
  1. Windows
5. REMnux
  1. Linux
6. Detection Lab
  1. Windows
7. Reverse Engineer's Toolkit
  1. Windows
8. Free
Scripts
1. AnalysisScipt
  1. Python
2. Malware Analysisi Scripts
  1. Python
3. Malware-Analysisi
  1. C, IDA, Python, Ruby, Yara
4. MAUPS
  1. Python
5. VirusTotal_API_Tool
  1. Python
6. FindYara
  1. Python, IDA
7. IR TI Scripts
  1. Python
8. Hasherezade
  1. Tools
9. Florian Roth
  1. Python, Yara, Tools
10. Free
Honeypot Reference
1. Conpot
  1. ICS/SCADA honeypot.
2. Cowrie
  1. SSH honeypot based on Kippo.
3. DemoHunter
  1. Low interaction Distributed Honeypots.
4. Dionaea
  1. Honeypot designed to trap malware.
5. Glastopf
  1. Web application honeypot.
6. Honeyd
  1. Create a virtual honeynet.
7. HoneyDrive
  1. Honeypot bundle Linux distro.
8. Honeytrap
  1. Opensource system for running monitoring and managing honeypots.
9. MHN
  1. Centralized server for management and data collection of honeypots.
10. Mnemosyne
  1. A normalizer for honeypot data; supports Dionaea.
11. Thug
12. Free
By Shilpesh Trivedi