HTTP(s) malware: download papers and files

A collection for everyone who is interested in HTTP(s)-based malware analysis. It holds papers, pcaps and files that will help you better understand the HTTP(s) malware landscape and the methods used to detect HTTP(s)-based malware.


Lots of good content to read.

cyberwarzone

Papers

A collection of papers which take a deep dive into HTTP(s) based malware.

How to identify malicious HTTP Requests

HTTP header heuristics for malware detection

The Ghost In The Browser: Analysis of Web-based Malware


Detecting Malware-Infected Devices Using the HTTP Header Patterns

Controlling malware HTTP communications in dynamic analysis system using search engine

Detecting Adaptive Data Exfiltration in HTTP Traffic


Pcaps

There is a good chance that you need HTTP(s) malware pcaps. In the collection below, you will find resources where you can download PCAPs of known malware samples. One example is the Loki Botnet.

Loki Botnet HTTP behavior

Loki Botnet HTTP behavior (v2)

Netresec PCAPs

Indicators of compromise

Once you have an indicator of compromise, you might want to look into these communities to check whether more information is available. You can also work in reverse and use these communities to find malware, papers, reports and PCAPs.

VirusTotal

OTX.Alienvault.com

IBM X-force

Blacklists

Blacklists can be used in many ways: they can help you identify unwanted connections, and they can assist you in finding PCAPs or environments that will lead you to HTTP(s) malware. To help you get started, there is a huge collection of public blacklist services which you can use, and we have noted them down for you.

SSL IP blacklist

Artists Against 419

ATLAS from Arbor Networks

Blackweb Project


CLEAN-MX Realtime Database

CriticalStack Intel Marketplace

CYMRU Bogon List


DShield Blocklist

FireHOL IP Lists

Google Safe Browsing API


Malc0de Database

Malware Domain Blocklist

MalwareDomainList.com Hosts List


Malware Patrol’s Malware Block Lists

MalwareURL List

OpenPhish


PhishTank Phish Archive

Project Honey Pot’s Directory of Malicious IPs

Risk Discovery


Scumware

Shadowserver IP and URL Reports

URLhaus
