Tool to Harvest Fresh Malware Samples for Security Research.
Security analysts are constantly in need of fresh malware samples. The fight against malware is largely driven by ML models that rely on static or dynamic analysis, and this is a large field of study. To train and evaluate such models, analysts and researchers require a large amount of fresh malware samples.
As malware advances, new bypass techniques are developed in a typical cat-and-mouse game. Models need to be constantly evaluated against their real-world performance and updated accordingly.
For this, a recurrently refreshed dataset is needed. Most research on this topic provides a "one point in time" view: the researcher collects samples, trains the model and publishes results at that point in time. Later, the models are neither re-evaluated nor retrained on a recurrently collected dataset.
- Clone the repository:
  git clone https://github.com/Anti-Malware-Alliance/your-daily-dose-malware.git
- Go to the project directory:
  cd your-daily-dose-malware/
- Activate the virtual environment:
  poetry shell
- Install dependencies:
  poetry install
We gather malware samples from multiple OSINT sources and currently support the sources listed below.
We are working to add support for more sources in order to provide more samples.
dd-run (stands for daily-dose run) is the base command. All other commands introduced below are sub-commands and should always be preceded by dd-run.
Depending on the OSINT source you want to get samples from, you use a different subcommand.
The malshare subcommand fetches around ten thousand or more samples; you can set a threshold with the --limit option. If this option is not provided, all available samples will be downloaded.
dd-run malshare --limit 10
If you want to define where to download your samples, use --path followed by the wanted path. By default, your malware samples will be downloaded into the current directory, inside a folder named Downloaded-Malwares.
dd-run malshare --limit 10 --path "My-daily-dose"
The m-bazaar (MalwareBazaar) subcommand fetches either the latest one hundred samples or the most recent ones. Choose which one you want based on your hunger level: provide --hundred or -h to get the latest one hundred samples, or --most-recent or -mr to get the most recent samples.
dd-run m-bazaar --hundred
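The following is an added example and not the project's own code. It mirrors the dd-run subcommand layout described above (malshare --limit/--path, m-bazaar --hundred/-h and --most-recent/-mr) with argparse, and shows how a harvester can store what it downloads safely for research use: every sample is named by its SHA-256 digest (which also deduplicates re-downloads) and written with owner-only, non-executable permissions into the Downloaded-Malwares folder. The fetch_malshare and fetch_bazaar functions are hypothetical stand-ins that return constructed byte strings rather than calling the real MalShare or MalwareBazaar APIs, so the block runs offline. One caveat it demonstrates: -h is argparse's built-in help flag, so the m-bazaar subparser is created with add_help=False to let -h mean --hundred as the README specifies.

```python
"""Minimal dd-run-style CLI skeleton (added example, not the project's code)."""
import argparse
import hashlib
import os
import tempfile
from pathlib import Path

DEFAULT_DIR = "Downloaded-Malwares"

# Constructed stand-in "samples": plain byte strings, not real malware.
FAKE_MALSHARE = [b"sample-a", b"sample-b", b"sample-c"]
FAKE_BAZAAR_HUNDRED = [f"bazaar-{i}".encode() for i in range(100)]
FAKE_BAZAAR_RECENT = [b"bazaar-latest"]


def fetch_malshare(limit=None):
    """Hypothetical stand-in for the MalShare fetcher; honours --limit."""
    return FAKE_MALSHARE if limit is None else FAKE_MALSHARE[:limit]


def fetch_bazaar(hundred: bool):
    """Hypothetical stand-in for the MalwareBazaar fetcher."""
    return FAKE_BAZAAR_HUNDRED if hundred else FAKE_BAZAAR_RECENT


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(prog="dd-run")
    sub = parser.add_subparsers(dest="source", required=True)

    ms = sub.add_parser("malshare", help="fetch samples from MalShare")
    ms.add_argument("--limit", type=int, default=None,
                    help="maximum number of samples; default: all available")
    ms.add_argument("--path", default=DEFAULT_DIR, help="download directory")

    # add_help=False so that -h can mean --hundred, as in the README.
    mb = sub.add_parser("m-bazaar", add_help=False,
                        help="fetch samples from MalwareBazaar")
    mode = mb.add_mutually_exclusive_group(required=True)
    mode.add_argument("--hundred", "-h", action="store_true",
                      help="latest one hundred samples")
    mode.add_argument("--most-recent", "-mr", action="store_true",
                      help="most recent samples")
    mb.add_argument("--path", default=DEFAULT_DIR, help="download directory")
    return parser


def store_sample(data: bytes, dest: Path) -> Path:
    """Write a sample under its SHA-256 name with owner-only, non-executable
    permissions (0600). An existing file with that digest is left untouched,
    which deduplicates repeated downloads of the same sample."""
    dest.mkdir(parents=True, exist_ok=True)
    target = dest / hashlib.sha256(data).hexdigest()
    if not target.exists():
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    return target


def run(argv) -> list:
    """Parse a dd-run style command line and return the stored sample paths."""
    args = build_parser().parse_args(argv)
    if args.source == "malshare":
        samples = fetch_malshare(args.limit)
    else:
        samples = fetch_bazaar(args.hundred)
    return [store_sample(s, Path(args.path)) for s in samples]


def demo() -> dict:
    """Exercise both subcommands against a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        limited = run(["malshare", "--limit", "2", "--path", tmp])
        hundred = run(["m-bazaar", "-h", "--path", tmp])
        again = run(["malshare", "--limit", "2", "--path", tmp])
        return {
            "malshare_limited": len(limited),
            "bazaar_hundred": len(hundred),
            "dedup_same_paths": limited == again,
            "names_are_sha256": all(len(p.name) == 64 for p in limited),
            "unique_files": len(set(limited + hundred)),
            "mode_not_executable": all(
                (p.stat().st_mode & 0o777) == 0o600 for p in limited),
        }


if __name__ == "__main__":
    print(demo())
```

Naming files by digest and writing them without the execute bit is the usual hygiene for a sample corpus: the digest doubles as a stable identifier when the dataset is refreshed, and a stray double-click on a collected file does nothing.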
Currently looking for a collaborator for the initial write-up. If you are interested: https://github.com/orgs/Anti-Malware-Alliance/projects/1/views/1?pane=issue&itemId=58915911