Skip to content

Bustmalone/malware-ioc-analyzer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Malware Investigation & IoC Analyzer

A Python-based cybersecurity tool that integrates with the VirusTotal API to analyze suspicious files and URLs. Extracts Indicators of Compromise (IoCs) including hashes, IP addresses, and domains. Correlates findings with threat intelligence to identify advanced persistent threats.

Features

  • VirusTotal API Integration - Analyze files and URLs using VirusTotal's threat intelligence
  • Automated IoC Extraction - Extract hashes, IPs, domains, and URLs from analysis results
  • Threat Correlation - Correlate findings with known threat actors and malware families
  • Report Generation - Generate detailed PDF reports with findings and recommendations
  • TTP Mapping - Map findings to MITRE ATT&CK TTPs

Requirements

  • Python 3.8+
  • VirusTotal API key (free tier available)

Installation

pip install -r requirements.txt

Configuration

  1. Get your VirusTotal API key from https://www.virustotal.com/gui/join-us
  2. Create a .env file in the project root:
VIRUSTOTAL_API_KEY=your_api_key_here

Usage

Analyze a file hash (MD5, SHA1, SHA256)

python malware_analyzer.py --hash 44d88612fea8a8f36de82e1278abb02f

Analyze a URL

python malware_analyzer.py --url https://example.com/suspicious

Analyze a file

python malware_analyzer.py --file suspicious_file.exe

Generate a report

python malware_analyzer.py --hash <hash> --report

Example Output

[*] Analyzing hash: 44d88612fea8a8f36de82e1278abb02f
[+] Found in VirusTotal database
[+] Detection ratio: 45/70
[+] Threat name: Trojan.Win32.Evil
[+] IoCs extracted:
    - IPs: 192.168.1.100, 10.0.0.1
    - Domains: evil.com, malware.net
    - Hashes: abc123..., def456...
[+] Report generated: report_44d88612.pdf

Project Structure

malware-ioc-analyzer/
├── malware_analyzer.py    # Main analysis script
├── ioc_extractor.py        # IoC extraction utilities
├── report_generator.py     # PDF report generation
├── threat_correlator.py    # Threat intelligence correlation
├── requirements.txt        # Python dependencies
├── .env.example            # Environment variables template
├── README.md              # This file
└── examples/              # Example usage scripts

Security Notice

⚠️ This tool is for authorized security testing only. Always ensure you have permission before analyzing files or URLs.

License

MIT License

Author

John Bustamante - Cybersecurity Professional

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages