awesome-malware-resources
github.com/sokow86/awesome-malware-resources
Just another collection of links, tools, reports and other stuff
25 GitHub Stars · 247 Curated Resources · 12 Categories · Last Refreshed 20 hours ago
Categories: Infostealer / Banking Malware · Loader / Dropper · Ransomware · APT · Malware Analysis · Maldoc Analysis · Malware Development · List of Plugins for Disassembler/Decompiler · IDA Plugins · MITRE ATT&CK · Researcher · Vendors
What's inside
Malware Development
- 0xPat - Malware development part 1
- 0xPat - Malware development part 2
- 0xPat - Malware development part 3
- 0xPat - Malware development part 4
- 0xPat - Malware development part 5
- 0xPat - Malware development part 6
Infostealer / Banking Malware
- A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection (IcedID)
- A Deep Dive Into IcedID Malware: Part II - Analysis of the Core IcedID Payload (Parent Process) (IcedID)
- A Deep Dive Into IcedID Malware: Part III - Analysis of Child Processes (IcedID)
- A Deep Dive into Lokibot Infection Chain (LokiBot)
- Agent Tesla: A Day in a Life of IR (Agent Tesla)
- Agent Tesla amps up information stealing attacks (Agent Tesla)
Loader / Dropper
- A deep dive into Saint Bot, a new downloader (Saint Bot)
- Advancements in Invoicing - A highly sophisticated way to distribute ZLoader (ZLoader)
- Anatomy of Cobalt Strike’s DLL Stager (Cobalt Strike)
- Dancing With Shellcodes: Cracking the latest version of Guloader (GuLoader)
- Detecting Cobalt Strike Default Modules via Named Pipe Analysis (Cobalt Strike)
- Going Deep | A Guide to Reversing Smoke Loader Malware (SmokeLoader)
APT
- A detailed analysis of ELMER Backdoor used by APT16
- A Guide to Ghidra Scripting Development for Malware Researchers
- Analyzing APT19 malware using a step-by-step method
- APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
- Dissecting APT21 samples using a step-by-step approach
- Higaisa or Winnti? APT41 backdoors, old and new
Malware Analysis
- Analyzing Modern Malware Techniques - Part 1 (Overview of Malware Techniques)
- Analyzing Modern Malware Techniques - Part 2 (Overview of Malware Techniques)
- Analyzing Modern Malware Techniques - Part 3 (Overview of Malware Techniques)
- Analyzing Modern Malware Techniques - Part 4 (Overview of Malware Techniques)
- Beware of the Shadowbunny - Using virtual machines to persist and evade detections (Weaponizing Windows Virtualization)
- Common Tools & Techniques Used By Threat Actors and Malware — Part I (Overview of Malware Techniques)
Ransomware
- An Analysis of the Egregor Ransomware (Egregor)
- An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques (Ryuk)
- A Technical Look into Maze Ransomware (Maze)
- Babuk Ransomware Analysis by Chuong Dong (Babuk)
- DearCry ransomware attacks exploit Exchange server vulnerabilities (DearCry)
- Deep Analysis of Ryuk Ransomware - N1ght-W0lf (Ryuk)
Showing a sample of 247 resources. View the full list on GitHub.