Malware hunt – wildfowl to find

2014.01.31

More than twice in the last 24 hours I was asked a non-trivial question:

Where do You find targets for a malware hunt if You’re not part of a big team, not a malware researcher, and don’t own a honeynet?

Actually, if You do want to fight malware, IMHO it is very useful to have a honeypot system or, at least, to be in the security business somehow. It will provide You with a non-stop flow of malicious targets to review. But what if You are not, and You still want to help?

Disclaimer: All links provided lead to lists of malicious or potentially malicious resources. Do not click any link there or run any file without proper knowledge, a prepared environment and trained skills.

Well, here are a few links that aggregate the latest known threats and that You can practice on:

1. Malware Domain List:

http://www.malwaredomainlist.com/update.php

2. URL Query

http://urlquery.net/

3. Malekal.com list of malware

http://malwaredb.malekal.com/

4. VX Vault

http://vxvault.siri-urz.net/ViriList.php?

5. Site Inspector (by Comodo)

http://siteinspector.comodo.com/recent_detections

6. Scumware.org

http://www.scumware.org/index.scumware

7. Malc0de Database

http://malc0de.com/database/

8. Sucuri Malware Labs

http://labs.sucuri.net/?malware

9. Clean-MX Realtime database

http://support.clean-mx.de/clean-mx/viruses

10. Sourcefire Vulnerability Research Team Labs

http://labs.snort.org/iplists/

11. Zeus Tracker

https://zeustracker.abuse.ch/monitor.php?browse=binaries

12. NovCon Minotaur Analysis System

http://minotauranalysis.com/malwarelist-urls.aspx

13. Palevo Tracker

https://palevotracker.abuse.ch/

14. SpyEye Tracker

https://spyeyetracker.abuse.ch/monitor.php?browse=binaries

15. Feodo Tracker

https://feodotracker.abuse.ch/

16. CyberCrime Tracker (Thanks, Steven!)

http://cybercrime-tracker.net/

17. Malwared C&C Tracker

http://malwared.ru/database.php?page=1

18. Cuckoo Sandbox online – analysis + download samples.

https://malwr.com

19. Virustotal – source for MD5 search and huge amount of data per sample.

https://www.virustotal.com/en/#search

20. ThreatExpert

http://www.threatexpert.com/

21. Malware Blacklist

http://www.threatexpert.com/showMDL.php

 

p.s. Many thanks to DrM for almost tripling the list! 🙂

Note: threats are usually detected by many participants, get blocked and eventually go dead as a result (and this is good!), so if You’re looking for a live target, review the recent updates. Search for similar domains, domains hosted on the same IP hosts, etc.

Happy and lucky hunting. Share Your findings, and if You know other good lists of malware URLs and targets, comment and I will add them to the list.

Update 31.01.2014: Added and fixed some resource URLs.

Added a few new ones – thx to [email protected]µ!nh0

Please stay safe!

D.L.
