theZoo/params.json
2014-02-19 14:03:21 +02:00

1 line
6.3 KiB
JSON

{"name":"theZoo aka Malware DB","tagline":"A repository of LIVE malwares for your own joy and pleasure","body":"About\r\n======\r\nMalware DB is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis we have decided to gather all of them for you in an available and safe way. \r\n![](http://hackingdefined.org/publications/MalDB-Logo-Thumb.png)\r\n\r\nDisclaimer\r\n==========\r\nMalware DB's purpose is to allow the study of malware and enable people who are interested in malware analysis or maybe even as a part of their job to have access to live malware, analyse the ways they operate and maybe even enable advanced and savvy people to block specific malwares within their own environment.\r\n\r\n**Please remember that there are live and dangerous malwares! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!**\r\n\r\nWe recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. 
Running them unconstrained meaning the you **will infect yourself or others with vicious and dangerous malwares!!!**\r\n\r\n\r\nGPL 3\r\n======\r\nMalware DB - the most awesome free malware database on the air \r\nCopyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers\r\n\r\nThis program is free software: you can redistribute it and/or modify\r\nit under the terms of the GNU General Public License as published by\r\nthe Free Software Foundation, either version 3 of the License, or\r\n(at your option) any later version.\r\n\r\nThis program is distributed in the hope that it will be useful,\r\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\r\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r\nGNU General Public License for more details.\r\n\r\nYou should have received a copy of the GNU General Public License\r\nalong with this program. If not, see <http://www.gnu.org/licenses/>.\r\n\r\n\r\nDocumentation and Notes\r\n========================\r\n\r\n## Background:\r\nThe idea behind Malware DB it to allow it to be modular and let you enter more malwares of your own. Each malware should have a directory of it's own. \r\n\r\n## Root Files:\r\nSince version 0.42 theZoo have been going dramatic changes. It now runs in both CLI and ARGVS mode. You can all the program with the same command line agreements as before.\r\nThe current default state of theZoo at runtime is the CLI which is inspired by MSF. The following files and directories are responsible for the application's behaviour.\r\n\r\n### /conf\r\nThe conf folder hold files relevant to the particular running of the program but are not part of the application. 
You can find the EULA file in the conf, the current database version, the CSV indexed file and more.\r\n### /imports\r\nContains .py and .pyc import files used by the rest of the application\r\n### /malwares\r\nThe actual malwares - be careful!\r\n### /mdbv0.2\r\nSince mdbv0.2 is stable for the command line arguments (where as of 0.42 we are not yet completely sure) and since the size is relativly small we have left out the beta version for those who are interested in it or got used to it. In next version we will confirm arguments as should be.\r\n\r\n\r\n## Directory Structure:\r\nEach directory is composed of 5 files:\r\n- Malware files in an encrypted ZIP archive. \r\n- SHA256 sum of the 1st file. \r\n- MD5 sum of the 1st file.\r\n- Password file for the archive. \r\n- index.log file for the indexer. \r\n\r\n\r\n## Structure of index.csv\r\nThe main index.csv is the DB which you will look in to find malwares indexed on your drive. We use the , charachter as the delimiter to our CSVs. \r\nThe structure is al follows:\r\n\r\n\tuid,location,type,name,version,author,language,date\r\n\r\n- UID \t-\tDetermined base on the indexing process.\r\n- Location \tThe location on the drive of the malware you have searched for.\r\n- Type\t-\tSorts the different types of malware there are. So far we sort by:\tVirus, Trojans, Botnets, Ransomeware, 1Spyware\r\n- Name\t-\tJust the name of the malware.\r\n- Version\t-\tNothing to say here as well.\r\n- Author\t-\t... I'm not that into documentation...\r\n- Programming Language - The state of the malware as for source, bin or which type of source. c/cpp/bin...\r\n- Date\t-\tSee 'Author' section.\r\n- Architecture - The arch the platform was build for. 
Can be x86, x64, arm7....\r\n- Platform - Win32, Win64, *nix32, *nix64, iOS, android and so on.\r\n\r\nAn example line will look as follow:\r\n\r\n 4,Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004,botnet,rBot,0.3.3,unknown,cpp,00/05/2004,x86,win32\r\n\r\n\r\nBugs and Reports\r\n================\r\nThe repository holding all files is currently \r\n\thttps://github.com/ytisf/theZoo\r\n\r\n##Change Log for v0.50:\r\n- [x] Better and easier UI. \r\n- [x] Aligned printing of malwares. \r\n- [x] Command line arguments are now working. \r\n- [x] Added 10 more malwares (cool ones) to the DB.\r\n\r\n##Change Log for v0.42:\r\n- [x] Fix EULA for proper disclaimer.\r\n- [x] More precise searching and indexing including platform and more.\r\n- [x] Added 10 new malwares.\r\n- [x] Git update of platform and new malware.\r\n- [x] Fix display of search.\r\n- [x] Enable support for platform and architecture in indexing.\r\n- [x] Separate between database and application.\r\n- [x] UI improvements.\r\n\r\n##Predicted Change Log for v1.0\r\n- [ ] Fix auto-complete for malware frameworks.\r\n- [ ] Better UI features.\r\n- [X] Verify argv to be working properly. (fixes in v0.5)\r\n- [ ] Virus-Total upload and indexing module.\r\n- [ ] Automatic reporting system for malwares which are not indexed in the framework.\r\n\r\nStuff which are in the making:\r\n\r\n\r\nIf you have any suggestions or malware that you have indexed as in the documentations please send it to us to yuvaln210 [at] your most popular mail server so we can add it for every one's enjoyment. ","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."}