All about Malware

CIRCL hashlookup

 https://hashlookup.circl.lu/

Dataset | Malware

Look up files by their MD5 or SHA-1 hashes. The response contains information such as the filename, the size, or where the file was found, for example in a Linux package. The website hosts the API documentation, which can be used directly from the browser.



Malware Bazaar

 https://bazaar.abuse.ch/

Dataset | Malware

The Malware Bazaar is a project by abuse.ch to create an open repository of malware samples. The repository is small in size, but anyone can freely download from it and contribute to it. It only contains malicious files, in contrast to common malware feeds like VirusTotal.


Shadowserver Scanning Project

 https://scan.shadowserver.org/

DNS | Dataset | Malware | Network

The Shadowserver Scanning Project performs regular Internet-wide scans for many protocols. They scan for four main types of protocols:

  1. Amplification protocols, e.g., DNS or NTP
  2. Botnet protocols, e.g., Gameover Zeus or Sality
  3. Protocols that should not be exposed, e.g., Elasticsearch, LDAP, or RDP
  4. Vulnerable protocols, e.g., SSLv3

The website is a great resource for general statistics about the protocols, such as the number of hosts speaking each protocol, their geographic distribution, associated ASNs, and historical information.


urlscan.io

 https://urlscan.io/

Malware | Tool

urlscan.io is a sandbox for URLs. The website generates a report for a URL that gives a basic understanding of the network connections involved. The report includes a screenshot, the list of IP addresses and domains the website uses, and detected scripts.