Open malware analysis / reversing database

demon-i386/malware-analysis

About

What is this project?

• This project is a open database for artifact analysis.

How this project works?

• Anyone can analyse a malware and post his research here

Know Issues

Duplicated analysis

• All the researchers must reach a consensus on the thesis, one thesis can expand another

• want to contribute? PR a artifact!
  • Create a TODO and a section in Artifacts for the artifact
  • Create a folder with the SHA256 of the artifact
  • Research…
  • Obs :: after finishing mark the task for the artifact in TODO
  • Want hall of fame? hack the C2!

Table of Contents

Artifact

TODO

Bibliography

Template-help

Artifacts

• JS
  • vjw0rm
    • 2355e659f40169ec63dddce6d88c88411b1b02f4e4ea6cc74d794dd67a214bd0 :: “Js Matryoshka”
• C#
  • asyncRat
    • 880b18145e64ab802fcef6b07de69e18bf63bfe27f07760a9ef22d5d38861b5a :: “Devilish Bitmap”

Todo

• - 2355e659f40169ec63dddce6d88c88411b1b02f4e4ea6cc74d794dd67a214bd0 :: “Js Matryoshka”
• - 880b18145e64ab802fcef6b07de69e18bf63bfe27f07760a9ef22d5d38861b5a :: “Devilish Bitmap”

Bibliography

• https://bazaar.abuse.ch

Template-help

Indexing

Artifacts

- Language
  - Signature

Article writing

File Information
  - Artifact: FILE REFERENCE
  - Category: ARTIFACT CATEGORY (Ex: RAT, Ransonware, ...)
  - Extesion: ARTIFACT EXTENSION
  - SHA256 Signature: ARTIFACT SHA256 SIGNATURE
  - File name: ARTIFACT NAME IN THE WILD (*)
  - Platform: ARTIFACT TARGET PLATFORM
  - Signature: ARTIFACT SIGNATURE
Dynamic Analysis
    Connections, behaviors, etc...
Code Analysis
    Code, files, resources, etc...
Misc (*)
    Anything related to the artifact, extra space for information