A collection for everyone who is interested in HTTP(s)-based malware analysis. This collection holds papers, PCAPs and files which will help you gain a better understanding of the HTTP(s) malware landscape and of the methods used to detect HTTP(s)-based malware.
A collection of papers which take a deep dive into HTTP(s)-based malware.
How to identify malicious HTTP Requests
HTTP header heuristics for malware detection
The Ghost In The Browser
Analysis of Web-based Malware
Detecting Malware-Infected Devices Using the HTTP Header
Controlling malware HTTP communications in dynamic analysis system using search engine
Detecting Adaptive Data Exfiltration in HTTP Traffic
There is a good chance that you are in need of HTTP(s) malware PCAPs. In the collection below, you will find resources where you can download PCAPs of known malware samples, for example the Loki Botnet.
Loki Botnet HTTP behavior
Loki Botnet HTTP behavior (v2)
Indicators of compromise
Once you have an indicator of compromise, you might want to look into these communities to check whether more information is available. You can also work in reverse: use these communities to find malware, papers, reports and PCAPs.
Blacklists can be used in many ways: they can help you identify unwanted connections, and they can assist you in finding PCAPs or environments that will lead you to HTTP(s) malware. To help you get started, there is a large collection of public blacklist services which you can use, and we have noted them down for you.
Artists Against 419
ATLAS from Arbor Networks
CLEAN-MX Realtime Database
CriticalStack Intel Marketplace
CYMRU Bogon List
FireHOL IP Lists
Google Safe Browsing API
Malware Domain Blocklist
MalwareDomainList.com Hosts List
Malware Patrol’s Malware Block Lists
PhishTank Phish Archive
Project Honey Pot’s Directory of Malicious IPs
Shadowserver IP and URL Reports