This repository contains a Python script that allows users to create, manage, and interact with a database of malware families. The script provides functionality to create a new database from a CSV file, view records, export records to a CSV file, add new records, edit existing records, and delete records.
- Jihyeon Song, Sunoh Choi, Jungtae Kim, Kyungmin Park, Cheolhee Park, Jonghyun Kim, Ikkyun Kim, "A study of the relationship of malware detection mechanisms using Artificial Intelligence," ICT Express, 2024, ISSN 2405-9595, https://doi.org/10.1016/j.icte.2024.03.005
- N. Z. Gorment, A. Selamat, L. K. Cheng and O. Krejcar, "Machine Learning Algorithm for Malware Detection: Taxonomy, Current Challenges, and Future Directions," IEEE Access, vol. 11, pp. 141045-141089, 2023, doi: 10.1109/ACCESS.2023.3256979, https://ieeexplore.ieee.org/abstract/document/10068497
- "Gitting" the Malware: How Threat Actors Use GitHub Repositories to Deploy Malware (Fraser, 2022), https://www.crowdstrike.com/blog/how-threat-actors-use-github-repositories-to-deploy-malware/
- The 12 Most Common Types of Malware (Baker, 2023), https://www.crowdstrike.com/cybersecurity-101/malware/types-of-malware/
- A curated list of malware repositories, trackers and malware analysis tools (GitHub), https://github.com/albertzsigovits/malware-tools
- Malpedia, https://malpedia.caad.fkie.fraunhofer.de/families
- Any.Run Reports (Public Submissions), https://app.any.run/submissions/
- ReversingLabs YARA Rules, https://github.com/reversinglabs/reversinglabs-yara-rules
- URLhaus Database, https://urlhaus.abuse.ch/browse/
- Malware as a Service, https://github.com/yoda66/MAAS
- The Fat Rat, https://github.com/screetsec/TheFatRat
The script reads malware family data from a CSV file and provides a menu-based interface for interacting with the database. Users can create a new database, view records, export records to a CSV file, add new records, edit existing records, and delete records. The script uses SQLite3 to create and interact with the database and the prettytable library to display the records in a formatted table.
Based on the provided table of malware families, the following results can be observed:
| Malware Family | Malware Examples | Years Active | Key Impacted Industries | Common Delivery Methods | Mitigation Strategies |
|---|---|---|---|---|---|
| Trojans | Emotet, TrickBot, Ursnif, Zeus, SUNBURST (SolarWinds) | 2007-2020 | Financial, Government, Healthcare, Manufacturing, Energy | Phishing emails, Malicious websites, Software vulnerabilities | Coordinated takedowns, Improved email security, Regular software updates, Enhanced supply chain security |
| Ransomware | WannaCry, Petya, Ryuk, REvil, Maze, DarkSide (Colonial Pipeline) | 2016-2021 | Healthcare, Government, Education, Energy, Financial | Phishing emails, Remote Desktop Protocol (RDP), Software vulnerabilities | Timely patching, Improved network segmentation, Regular data backups, Enhanced OT security measures |
| Worms | Stuxnet, CodeRed, Conficker, WannaCry | 2001-2017 | Government, Manufacturing, Energy, Healthcare | Network vulnerabilities, Removable media | Improved network segmentation, Strict control of removable media, Regular security assessments, Timely patching |
| Spyware | Pegasus, Flame, DarkHotel, FinFisher | 2012-2016 | Government, Journalists, Activists, Executives | Phishing emails, Malicious websites, Zero-day exploits | Regular software updates, Use of secure communication apps, Awareness of phishing tactics, Caution when using hotel Wi-Fi networks |
| Adware | Fireball | 2017 | Individual users, Online advertisers | Bundled with free software, Malicious browser extensions | Use of reputable software sources, Careful review of software installation options, Regular use of antivirus and anti-malware tools |
This table summarizes the key malware families, their active years, impacted industries, common delivery methods, and recommended mitigation strategies based on the information provided in the original table.
- Ensure that you have a CSV file containing the malware family data. The file should have the following columns: Malware Family, Description, Malware Example, Year, Brief Description, Impacted Industries, Delivery Methods, Mitigated By, Sandbox Report URLs.
- Run the script using the command `python malware_family_database.py`.
- Follow the menu options to interact with the database:
  - Create a new database: Prompts the user for a database name and creates a new database with the malware family data. If an existing database is specified, the user is asked whether to overwrite it or create a new database with a timestamp appended to the name.
  - View records: Displays all the records in the specified database using a pretty table format.
  - Export records to CSV: Exports the records from the specified database to a CSV file.
  - Add a new record: Allows the user to add a new record to the specified database by entering the values for each field.
  - Edit a record: Enables the user to edit an existing record in the specified database by entering the record ID and updating the desired fields.
  - Delete a record: Deletes a record from the specified database based on the entered record ID.
  - Quit: Exits the script.
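The steps above, as an added example that is not the repository's own script: a minimal CSV-to-SQLite import that uses the column list from the README, applies the "overwrite or append a timestamp" rule for an existing database, and binds every CSV value as a parameter so a crafted cell can never be executed as SQL. The table name `malware_families`, the function names and the two sample rows are assumptions; prettytable is left out so the block runs with the standard library only.

```python
import csv
import io
import os
import sqlite3
import tempfile
from contextlib import closing
from datetime import datetime

# Column names come from the README; the table and function names are this example's own.
COLUMNS = ["Malware Family", "Description", "Malware Example", "Year", "Brief Description",
           "Impacted Industries", "Delivery Methods", "Mitigated By", "Sandbox Report URLs"]
QUOTED = ", ".join(f'"{c}"' for c in COLUMNS)  # names contain spaces, so quote them in SQL
# Constructed sample CSV: two rows loosely based on the README's table, not real report URLs.
SAMPLE_CSV = ",".join(COLUMNS) + "\n" + (
    "Trojans,Disguised as legitimate software,Emotet,2014,Loader,Financial,"
    "Phishing emails,Improved email security,https://example.invalid/r/1\n"
    "Ransomware,Encrypts files for ransom,WannaCry,2017,Worm-spread,Healthcare,"
    "Software vulnerabilities,Timely patching,https://example.invalid/r/2\n")

def resolve_db_path(name, overwrite=False):
    """README rule: overwrite an existing DB only on request, else append a timestamp."""
    path = name if name.endswith(".db") else name + ".db"
    if os.path.exists(path) and not overwrite:
        path = f"{path[:-3]}_{datetime.now():%Y%m%d_%H%M%S}.db"
    return path

def create_database(db_path, csv_text):
    """Validate the header, create the table and load every row with bound parameters."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if any(c not in (reader.fieldnames or []) for c in COLUMNS):
        raise ValueError(f"CSV header must contain: {COLUMNS}")
    rows = [tuple(r[c] for c in COLUMNS) for r in reader]
    if os.path.exists(db_path):
        os.remove(db_path)  # reached only when the caller chose to overwrite
    with closing(sqlite3.connect(db_path)) as con, con:  # 'con' commits, closing() closes
        cols = ", ".join(f'"{c}" TEXT' for c in COLUMNS)
        con.execute(f"CREATE TABLE malware_families (id INTEGER PRIMARY KEY, {cols})")
        marks = ", ".join("?" for _ in COLUMNS)  # placeholders: CSV text is data, never SQL
        con.executemany(f"INSERT INTO malware_families ({QUOTED}) VALUES ({marks})", rows)
    return len(rows)

def view_records(db_path):
    with closing(sqlite3.connect(db_path)) as con:  # the script would render these with prettytable
        return con.execute(f"SELECT id, {QUOTED} FROM malware_families ORDER BY id").fetchall()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        first = resolve_db_path(os.path.join(tmp, "malware"))
        count = create_database(first, SAMPLE_CSV)
        second = resolve_db_path(os.path.join(tmp, "malware"))  # file exists now -> timestamp
        return count, view_records(first), first != second and second.endswith(".db")
```

Calling `demo()` returns the row count, the stored rows and whether the second name resolution appended a timestamp instead of clobbering the first database.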
Malware, short for malicious software, refers to any software program designed to harm, exploit, or gain unauthorized access to computer systems, networks, or devices. Malware can perform various malicious activities, such as stealing sensitive information, encrypting files for ransom, or disrupting system operations.
Malware families are groups of malware that share similar characteristics, behaviors, or code bases. Examples of malware families include:
- Trojans: Malware disguised as legitimate software to gain unauthorized access or perform malicious actions.
- Ransomware: Malware that encrypts files and demands a ransom for decryption.
- Worms: Self-replicating malware that spreads through networks.
- Spyware: Malware that secretly monitors user activity and collects information.
- Adware: Malware that displays unwanted advertisements.
Malware can target various industries, including:
- Financial
- Government
- Healthcare
- Manufacturing
- Energy
- Education
To mitigate the risk of malware infections, organizations and individuals can implement the following measures:
- Timely patching of vulnerabilities
- Improved network segmentation
- Regular data backups
- Use of reputable software sources
- Regular use of antivirus and anti-malware tools
- User education on phishing and safe browsing practices
Online sandbox reports provide detailed analysis of malware samples by executing them in a controlled environment. These reports offer valuable insights into the behavior and characteristics of malware. Some popular online sandboxes include:
- ANY.RUN
- VirusTotal
- Joe Sandbox
- URLhaus
Cyber analysts play a crucial role in detecting, analyzing, and responding to malware threats. Having a comprehensive knowledge of malware families, their characteristics, and methods of operation is essential for effective malware analysis and incident response. By understanding the behavior and impact of different malware families, cyber analysts can develop targeted defenses and mitigation strategies to protect organizations from malware attacks.
Malware authors create malicious software for various reasons, including:
- Financial gain: Stealing sensitive information, extorting money through ransomware, or selling access to compromised systems.
- Espionage: Conducting surveillance and gathering intelligence for nation-states or other entities.
- Hacktivism: Promoting political or social agendas through disruptive actions.
- Competitive advantage: Sabotaging competitors or gaining an unfair advantage in business.
- Notoriety: Seeking recognition and fame within the hacking community.
This repository is for educational purposes only. The information provided here is intended to raise awareness about malware and its associated risks. Always take necessary precautions when handling malware and ensure that you have the appropriate permissions and safeguards in place. The authors and contributors of this repository are not responsible for any misuse or damage caused by the information or code provided.
Copyright 2024 Eric Yocam
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.