A Python-based cybersecurity tool that integrates with the VirusTotal API to analyze suspicious files and URLs. Extracts Indicators of Compromise (IoCs) including hashes, IP addresses, and domains. Correlates findings with threat intelligence to identify advanced persistent threats.
- VirusTotal API Integration - Analyze files and URLs using VirusTotal's threat intelligence
- Automated IoC Extraction - Extract hashes, IPs, domains, and URLs from analysis results
- Threat Correlation - Correlate findings with known threat actors and malware families
- Report Generation - Generate detailed PDF reports with findings and recommendations
- TTP Mapping - Map findings to MITRE ATT&CK TTPs
- Python 3.8+
- VirusTotal API key (free tier available)
pip install -r requirements.txt- Get your VirusTotal API key from https://www.virustotal.com/gui/join-us
- Create a
.envfile in the project root:
VIRUSTOTAL_API_KEY=your_api_key_here
python malware_analyzer.py --hash 44d88612fea8a8f36de82e1278abb02fpython malware_analyzer.py --url https://example.com/suspiciouspython malware_analyzer.py --file suspicious_file.exepython malware_analyzer.py --hash <hash> --report[*] Analyzing hash: 44d88612fea8a8f36de82e1278abb02f
[+] Found in VirusTotal database
[+] Detection ratio: 45/70
[+] Threat name: Trojan.Win32.Evil
[+] IoCs extracted:
- IPs: 192.168.1.100, 10.0.0.1
- Domains: evil.com, malware.net
- Hashes: abc123..., def456...
[+] Report generated: report_44d88612.pdf
malware-ioc-analyzer/
├── malware_analyzer.py # Main analysis script
├── ioc_extractor.py # IoC extraction utilities
├── report_generator.py # PDF report generation
├── threat_correlator.py # Threat intelligence correlation
├── requirements.txt # Python dependencies
├── .env.example # Environment variables template
├── README.md # This file
└── examples/ # Example usage scripts
MIT License
John Bustamante - Cybersecurity Professional