Another busy month, so this time I’m sharing a quick (but solid!) list of some 50+ resources that can be useful for gathering openly available information on malware campaigns, news, samples and more. I’m hoping to get back into classic old-school OSINT very soon, so keep an eye out.
In the meantime, bookmark or archive this list!
Sandbox, upload & analysis services
Online sandbox services and similar websites listed below allow you to upload potentially malicious files (and URLs) that can be executed safely away from your system. You can also compare known hashes and indicators of compromise based on what other users already sent in.
Note that paid access will be needed for more granular analysis. Also remember that advanced malware can detect a sandbox and alter its behaviour accordingly. Finally, DO NOT upload files that contain sensitive or private information – users with premium access to the services might be able to gain access to those secrets.
- Any Run: https://app.any.run
- Cuckoo Sandbox: https://cuckoosandbox.org
- DocGuard: https://app.docguard.io
- Hybrid Analysis: https://www.hybrid-analysis.com
- Filescan: https://www.filescan.io/scan
- Firmware.re: http://firmware.re
- ID Ransomware MalwareHunterTeam: https://id-ransomware.malwarehunterteam.com
- Malware Tracker: https://malwaretracker.com
- PDF Examiner: https://tylabs.com/tools/pdfexaminer
- Sucuri SiteCheck: https://sitecheck.sucuri.net
- Virus Total: https://www.virustotal.com
Repositories & news
A mix of news aggregators, malware samples sites and everything in between.
- Bleeping Computer: https://www.bleepingcomputer.com/tag/malware
- CISA: https://www.cisa.gov/topics/cyber-threats-and-advisories/malware-phishing-and-ransomware
- Malpedia: https://malpedia.caad.fkie.fraunhofer.de/library
- Malware Analysis: https://malwareanalysis.co/malware-samples
- Malware News: https://malware.news
- Info Security: https://www.infosecurity-magazine.com/malware
- PC Risk: https://www.pcrisk.com
- The Daily Swig: https://portswigger.net/daily-swig/malware
- Virus Share: https://virusshare.com
- Wired: https://www.wired.com/tag/malware/
Companies & known industry brands
Below is a collection of websites run by cybersecurity companies and known industry brands. These companies and vendors collect and provide information on various types of malware, their characteristics, and ways to mitigate them. NOTE: I tried to include the ones that don’t hit you with their sales pitch every time you click on a link!
- AlienVault OTX: https://otx.alienvault.com/browse/global/malware
- BlackBerry: https://blogs.blackberry.com/en/home
- ESET – We Live Security: https://www.welivesecurity.com
- Forcepoint: https://www.forcepoint.com/blog
- Malwarebytes Labs: https://www.malwarebytes.com/blog
- McAfee: https://www.mcafee.com/blogs
- Microsoft: https://www.microsoft.com/en-us/security/blog
- Sentinel One: https://www.sentinelone.com/blog
- Sophos – Naked Security: https://nakedsecurity.sophos.com
- Trend Micro: https://www.trendmicro.com/en_ie/research.html
Social media accounts
Individual users and communities on Twitter are, on the whole, great for sharing warnings, detections and advice about malware that can be useful to online investigators. This is a subjective list in no particular order (other than alphabetical), and only really a tiny, tiny part of what you can find on Twitter using #malware.
- Abuse.ch: https://twitter.com/abuse_ch
- Amigo-A: https://twitter.com/Amigo_A_
- Execute Malware: https://twitter.com/executemalware
- Hasherezade: https://twitter.com/hasherezade
- Jake Williams: https://twitter.com/MalwareJake
- MalwareHunterTeam: https://twitter.com/malwrhunterteam
- Michael Gillespie: https://twitter.com/demonslay335
- MISP Project: https://twitter.com/MISPProject
- Lenny Zeltser: https://twitter.com/lennyzeltser
- Vitali Kremez: https://twitter.com/VK_Intel
- VX-Underground: https://twitter.com/vxunderground
- 3xp0rt: https://twitter.com/3xp0rtblog
Blogs & community groups
A loose collection of online communities and blogs where known industry individuals share content and knowledge to raise awareness of malware-related topics. Some of the authors are more prolific and in-depth than others. This section could definitely use some community suggestions and contributions, as there are hundreds more useful resources out there.
- Dancho Danchev: https://ddanchev.blogspot.com
- ID Ransomware: https://id-ransomware.blogspot.com
- Malware Hell: https://c3rb3ru5d3d53c.github.io
- Malware Tech: https://malwaretech.com
- Malware Tips: https://malwaretips.com/blogs
- Malware Traffic Analysis: https://www.malware-traffic-analysis.net/index.html
- Schneier on Security: https://www.schneier.com
PLEASE DO SHARE ANY ADDITIONAL LINKS YOU CAN RECOMMEND VIA COMMENTS OR EMAIL!