Convert Figma logo to code with AI

ytisf logotheZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

11,114
2,494
11,114
74
View on GitHub

Top Related Projects

vxunderground's avatar

MalwareSourceCode

15,571

Collection of malware source code for a variety of platforms in an array of different programming languages.

malwaredllc's avatar

byob

8,933

An open-source post-exploitation framework for students, researchers and developers.

Endermanch's avatar

MalwareDatabase

2,317

One of a few malware collections on the GitHub.

Quick Overview

theZoo is a repository of live malware samples for research and educational purposes. It contains a collection of malware binaries, source code, and documentation, providing a controlled environment for cybersecurity professionals and researchers to study various types of malicious software.

Pros

  • Offers a diverse collection of malware samples for analysis and research
  • Provides a safe, controlled environment for studying malicious software
  • Includes documentation and information about each malware sample
  • Regularly updated with new samples and information

Cons

  • Potentially dangerous if not handled properly; requires strict security measures
  • May be misused by malicious actors if not properly secured
  • Some samples may be outdated or no longer relevant to current threats
  • Legal and ethical concerns regarding the possession and distribution of malware

Getting Started

  1. Clone the repository:

    git clone https://github.com/ytisf/theZoo.git

  2. Set up a secure, isolated environment (e.g., virtual machine) for handling malware samples.

  3. Review the documentation and safety guidelines provided in the repository.

  4. Use appropriate analysis tools and techniques to study the malware samples.

  5. Always exercise caution and follow best practices when working with live malware.

Competitor Comparisons

vxunderground logo

MalwareSourceCode

15,571

Collection of malware source code for a variety of platforms in an array of different programming languages.

Pros of MalwareSourceCode

  • Larger collection of malware samples and source code
  • More diverse range of malware types and families
  • Regularly updated with new samples

Cons of MalwareSourceCode

  • Less structured organization compared to theZoo
  • Potentially higher risk due to raw source code availability
  • Limited documentation and analysis for each sample

Code Comparison

MalwareSourceCode (Mirai botnet sample):

#define _GNU_SOURCE

#ifdef DEBUG
#include <stdio.h>
#endif
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <fcntl.h>
#include <string.h>

theZoo (Zeus botnet sample):

#include <windows.h>
#include <wininet.h>
#include <shlwapi.h>
#include <shlobj.h>
#include <stdio.h>

Both repositories provide valuable resources for malware analysis and research. MalwareSourceCode offers a more extensive collection with frequent updates, while theZoo provides a more structured and curated approach with additional documentation and analysis.

malwaredllc logo

byob

8,933

An open-source post-exploitation framework for students, researchers and developers.

Pros of BYOB

  • Offers a more comprehensive framework for building custom malware
  • Provides a user-friendly interface for managing and deploying payloads
  • Includes features for obfuscation and evasion techniques

Cons of BYOB

  • Less focused on providing a diverse collection of existing malware samples
  • May require more technical expertise to utilize effectively
  • Potentially more complex setup and configuration process

Code Comparison

BYOB (client-side payload execution):

import subprocess
def execute(command):
    output = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
    return output.stdout.read() + output.stderr.read()

theZoo (malware sample retrieval):

def get_malware(mal_name):
    if mal_name in conf.maldb_repo:
        return conf.maldb_repo[mal_name]
    else:
        return None

While BYOB focuses on creating and executing custom payloads, theZoo emphasizes retrieving and managing existing malware samples. BYOB's code demonstrates payload execution, whereas theZoo's code shows malware sample retrieval from a database.

Endermanch logo

MalwareDatabase

2,317

One of a few malware collections on the GitHub.

Pros of MalwareDatabase

  • Larger collection of malware samples, providing a more extensive resource for researchers
  • Includes more recent and actively maintained malware samples
  • Better organization with categorization by malware type and family

Cons of MalwareDatabase

  • Less detailed documentation and analysis for each malware sample
  • Fewer security measures in place to prevent accidental execution of malware
  • Limited cross-platform support compared to theZoo

Code Comparison

MalwareDatabase:

def download_sample(url):
    response = requests.get(url)
    with open("sample.zip", "wb") as file:
        file.write(response.content)

theZoo:

def download_malware(self):
    if self.download_from_git(self.giturl):
        self.name = self.giturl.split('/')[-1]
    else:
        print("Error downloading from git")

Both repositories provide methods for downloading malware samples, but theZoo's implementation is more robust and includes error handling. MalwareDatabase's approach is simpler but potentially less secure.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

theZoo - A Live Malware Repository

Contributions Welcome HitCount GitHub stars made-with-python

Logo

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.

theZoo is open and welcoming visitors!

If you are about to interact with our community please make sure to read our CODE-OF-CONDUCT.md prior to doing so. If you plan to contribute, first - thank you. However, do make sure to follow the standards on CONTRIBUTING.md.

Disclaimer

theZoo's purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.

Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with vicious and dangerous malware!!!

Getting Started

Clone the repository with git clone https://www.github.com/ytisf/theZoo. Go to the directory and run pip install --user -r requirements.txt. This should install all latest requirements needed. In total can be "scripted" like so:

git clone https://www.github.com/ytisf/theZoo
cd theZoo
pip install --user -r requirements.txt

Start by running the console:

python theZoo.py

License

theZoo - the most awesome free malware database on the air Copyright (C) 2015-2021, Yuval Nativ, Lahad Ludar, 5fingers

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

You can also find more information in LICENSE.md.

License section does not apply to any of malicious samples in theZoo's repository which includes samples and source code, reversed or otherwise.

Documentation and Notes

Background

theZoo's objective is to offer a fast and easy way of retrieving malware samples and source code in an organized fashion in hopes of promoting malware research.

Root Files

Since version 0.42 theZoo has been undergoing dramatic changes. It now runs in both CLI and ARGVS modes. You can call the program with the same command line arguments as before. The current default state of theZoo runtime is the CLI. The following files and directories are responsible for the application's behaviour.

/conf - The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.

/imports - Contains .py import files used by the rest of the application

/malware/Binaries - The actual malwares samples - be careful! These are very live.

/malware/Source - Malware source code.

Malware under the folder Original is supposed to be (NO PROMISES!) the original source of the malware that leaked. Malware under the folder Reversed is either reversed, decompiled or partially reconstructed.

Directory Structure:

Each directory is composed of 4 files:

  • Malware files in an encrypted ZIP archive.
  • SHA256 sum of the 1st file.
  • MD5 sum of the 1st file.
  • Password file for the archive.

Bugs and Reports

The repository holding all files is currently https://github.com/ytisf/theZoo

Submit Malware

Get the file you want to submit and just run python prep_file.py file_tosubmit.exe. It will create a directory for you. Then just submit that along with the changes to the conf/maldb.db so that we know which malware it is.

Change Log for v0.60:

  • Moved DB to SQLite3.
  • Searching overhaul to a freestyle fashion.
  • Fixed "get" command.
  • More & more malwares.

Change Log for v0.50:

  • Better and easier UI.
  • Aligned printing of malwares.
  • Command line arguments are now working.
  • Added 10 more malwares (cool ones) to the DB.

Change Log for v0.42:

  • Fix EULA for proper disclaimer.
  • More precise searching and indexing including platform and more.
  • Added 10 new malwares.
  • Git update of platform and new malware.
  • Fix display of search.
  • Enable support for platform and architecture in indexing.
  • Separate between database and application.
  • UI improvements.

Change Log for v0.43:

  • Verify argv to be working properly. (fixes in v0.5)
  • Virus-Total upload and indexing module. - Not possible due to restrictions of VT.
  • Automatic reporting system for malwares which are not indexed in the framework.

Change Log for v0.50:

  • Malware analysis pack has been removed to reduce clone size.
  • More documentation has been added.
  • Removed debugging function which were dead in the code.

Predicted Change Log for v1.0

  • Fix auto-complete for malware frameworks. (thanks to 5fingers)
  • Consider changing DB to XML or SQLite3. (Sheksa - done :))
  • Better UI features.
  • Fix and make 'light' version without malwares with _MalwareFetch function.

Hopeful

  • A GUI.
  • Package releases.

If you have any suggestions or malware that you have indexed (in the manner laid out in the documentation) please send it to us to - thezoo-submissions [a-t] morirt [.d0t.] com - so we can add it for everyone's enjoyment.

Shout outs

  • Thanks to @LogoiLab for the licensing change submission.