Open Source Malware Research

Malware Analysis Repository

Deep-dive technical analysis of malware specimens, TTP extraction from threat actors, and community-driven research for security professionals and enthusiasts.

23 Analysis Tools · 3 Research Articles · 3 PDF Writeups · APT TTP Coverage
bash — usman@offensive-panda:~/MalwareAnalysis
$ file suspicious.exe
suspicious.exe: PE32+ executable (GUI) x86-64, for MS Windows — UPX packed
$ strings suspicious.exe | grep -iE "http|cmd|powershell|reg"
http://185.220.101[.]47/payload.bin
cmd.exe /c powershell -enc <base64>
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
$ capa -j suspicious.exe | python3 -m json.tool
CAPABILITY: encrypt data using AES via WinAPI · inject shellcode via process hollowing
CAPABILITY: establish persistence via Registry run key · exfiltrate data via HTTP
$ yara -r ./rules/apt_dcrat.yar suspicious.exe
[MATCH] DCRat_v4_loader suspicious.exe — confidence: HIGH
Repository Goals

Purpose: 3 focus areas

Malware Technical Analysis
Deep structural analysis of malware specimens, with comprehensive reports detailing anatomy, behavior, and attack vectors.
  • Dive deep into the anatomy of malware specimens
  • Detailed reports break down structure, behavior, and attack vectors
  • Shed light on the inner workings of malicious code

Attacker TTP Extraction
Learn techniques to uncover the Tactics, Techniques, and Procedures used by threat actors, in order to improve threat intelligence.
  • Uncover TTPs used by real-world threat actors
  • Understand attacker methodologies and tooling
  • Improve threat intelligence and detection engineering

Community Contributions
Encouraging contributions from the cybersecurity community to bolster shared knowledge and defenses.
  • Share insights, analysis reports, and YARA rules
  • Collaborative knowledge base for defenders
  • Open platform for security researchers worldwide
Analyst Toolkit

Open Source & Commercial Tools (23 tools)

  • Flare-VM: Windows RE & malware analysis VM
  • REMnux: Linux toolkit for malware analysis
  • dnSpy: .NET assembly editor & debugger
  • Cutter: Qt GUI for Radare2 reverse engineering
  • Detect-It-Easy: identify executables, packers & crypters
  • RegShot: registry snapshot comparison tool
  • ExeInfoPE: analyze PE file properties & packers
  • De4dot: .NET assembly deobfuscator
  • Capa: identify capabilities in binaries
  • Procmon: real-time filesystem & registry monitor
  • ProcessHacker: advanced process & system activity tool
  • TcpView: view all open TCP/UDP endpoints
  • PE Bear: analyze & modify PE file structures
  • PE Studio: static PE analysis & malicious code detection
  • Wireshark: network protocol analyzer & packet capture
  • IDA Pro: industry-standard disassembler & debugger
  • CyberChef: web-based data analysis & transformation
  • HxD: hex editor for binary file analysis
  • CFF Explorer: PE editor with detailed file structure insights
  • VirusTotal: multi-engine malware scanning & analysis
  • YARA: rule-based malware identification & classification
  • x32dbg: 32-bit debugger for RE & binary analysis
  • x64dbg: 64-bit debugger with powerful RE features
Research

Articles (3 articles)

DCRat Analysis
Tags: RAT · Remote Access · Keylogger
Dark Crystal RAT (DCRat) — Detailed Analysis
In-depth analysis of DCRat, a remote access trojan posing a critical threat to organizations worldwide. Uncovers its multifaceted capabilities, including remote control, keylogging, file manipulation, and data exfiltration.

AsyncRAT Analysis
Tags: AsyncRAT · APT-C-36 · Blind Eagle
Unveiling the Intricacies of AsyncRAT
Technical analysis of the re-emerged Blind Eagle threat group (APT-C-36), known for targeted phishing campaigns that masquerade as Colombian government agencies and attack organizations in Colombia and Ecuador.

SamSam Ransomware
Tags: Ransomware · RDP Brute Force · Threat Emulation
Unveiling the Intricacies of SamSam Ransomware
Detailed analysis and proactive threat emulation of SamSam ransomware exploiting Windows systems. The APT group used multiple techniques, with initial access gained via RDP brute force; the report takes a comprehensive threat emulation approach.
Analysis Repository

GitHub Repo

Malware Analysis GitHub Repository (Open Source · GitHub)
Dedicated to providing in-depth technical analysis of various malware strains, equipping security professionals, researchers, and enthusiasts with the knowledge and tools needed to counteract cyber threats effectively.
Community Resources

PDF Writeups (3 PDFs)

  • DCRat (Malware Analysis Report): Dark Crystal RAT · Remote Access Trojan · TTP Analysis
  • SamSam (Ransomware Analysis Report): SamSam Ransomware · RDP BruteForce · Threat Emulation
  • AsyncRAT (APT Campaign Analysis): Blind Eagle · APT-C-36 · Colombia & Ecuador Campaign
Sources

References

  1. attack.mitre.org — MITRE ATT&CK Enterprise Matrix
  2. linkedin.com/in/usman-sikander13
  3. medium.com/@merasor07 — Research Articles & Publications
  4. cytomate.net — Cybersecurity Platform
Disclaimer
The content, techniques, and tools in this repository are intended solely for educational and research purposes within the cybersecurity community. The author explicitly disclaims any responsibility for misuse or unlawful use. Any actions taken based on this information are done so entirely at the user's own risk.