A collection for everyone which is interested in HTTP(s) based malware analysis. This collection holds papers, pcaps and files which will assist you in getting a better understanding of the HTTP(s) malware landscape and methods which are used to detect HTTP(s) based malware.
Lots of good content to read.
cyberwarzone
Papers
A collection of papers which take a deep dive into HTTP(s) based malware.
How to identify malicious HTTP Requests
HTTP header heuristics for malware detection
The Ghost In The Browser
Analysis of Web-based Malware
Detecting Malware-Infected Devices Using the HTTP Header
Patterns
Controlling malware HTTP communications in dynamic analysis system using search engine
Detecting Adaptive Data Exfiltration in HTTP Traffic
Pcaps
There is a big chance that you are in need of HTTP(s) malware pcaps. In the collection below, you will find resources where you can download PCAPs of known malware samples. One of them is for example the Loki Botnet.
Loki Botnet HTTP behavior
Loki Botnet HTTP behavior (v2)
Netresec PCAPs
Indicators of compromise
Once you have an indicator of compromise, you might want to look into these communities to check if more information is available. You can also do it in reverse, utilize these communities to find malware, papers, reports and PCAP’s.
VirusTotal
OTX.Alienvault.com
IBM X-force
Blacklists
Blacklists can be used in many ways, it can help you to identify unwanted connections and it can assist you in finding PCAPs or environments that will lead you to HTTP(s) malware. To help you forward, there is a huge collection of public blacklist services which you can utilize, and we have noted them down for you.
Artists Against 419
ATLAS from Arbor Networks
Blackweb Project
CLEAN-MX Realtime Database
CriticalStack Intel Marketplace
CYMRU Bogon List
DShield Blocklist
FireHOL IP Lists
Google Safe Browsing API
Malc0de Database
Malware Domain Blocklist
MalwareDomainList.com Hosts List
Malware Patrol’s Malware Block Lists
MalwareURL List
OpenPhish
PhishTank Phish Archive
Project Honey Pot’s Directory of Malicious IPs
Risk Discovery
Scumware
Shadowserver IP and URL Reports
URLhaus