Unprotect Project

Malware authors spend a great deal of time and effort to develop complex code to perform malicious actions against a target system. It is crucial for malware to remain undetected and avoid sandbox analysis, antiviruses or malware analysts. With this kind of techniques, malware are able to pass under the radar and stay undetected on a system. The goal of this free database is to centralize the information about malware evasion techniques.

This project aims to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times.

Why malware use defense evasion techniques?

One of a big challenge is to detect the malware the fastest possible but also to understand its capabilities. Using self defending techniques increase the time of detection and analysis and allow the malware to perform malicious actions.

If malware is detected just after having been propagated it has little time to steal data or to maximize its impact. The Cybersecurity market is becoming more mature and security tools and applications are today more efficient. However attackers understand and monitor the operation of these tools also.

In addition to that, best practices are not always respected. If a malware evade the antivirus, the sandbox, the firewall and other, it has the time to steal data during the time where it stays undetected. As well, once the malware is caught, it will be analysed by a security analyst that will statically and dynamically analyse it, then create a detection signature.

This time is critical for malware but also for companies:

  • For attackers, the longer the time of detection, the more malicious actions the malware can perform against its target.
  • For companies the shorter the time of detection, the less malicious actions the malware can perform.

It is a big challenge for both companies and attackers.

Behind the Scene

Thomas Roccia
Senior Security Researcher at Microsoft Profile
Jean-Pierre LESUEUR
Lead Developer / Malware Researcher at Phrozen Profile

How to contribute?

Get in touch with our team for:

  • Adding a new technique to the database.
  • Modifying or updating an existing technique.
  • Adding a new code snippet for an existing technique.

Contribute Now

Contribution is actually only possible through our official Github repository.

Contributors

WestMind
Fumik0_
Ahmed
Abhijeet Kumar
Lexsek
一半人生
__Thanat0s__
Edode
Dreamkinn
Jochen
Kyle Cucci
vx-underground
Nat Weinel
Halil Dalabasmaz
Alex Schwarz
Glacius
Sh0ckFR
ghost_pepper108
Kağan IŞILDAK
hackeT
Adam
Aurélien Thierry

Featured In

MatterBot

MatterBot is a two-part extensible Python bot framework that provides a scheduled feed of information sources to your Mattermost channel(s), and listens in channel(s) for commands to trigger the appropriate module(s). Topics

View Project
mbc-markdown

The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.

View Project
CAPE Sandbox

CAPE Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.

View Project

Featured Books

Visual Threat Intelligence / An Illustrated Guide for threat researcher
Book cover

Visual Threat Intelligence is an engaging, succinct guide that explains critical concepts in a visually rich format using real-world examples. This resource covers essential topics such as threat intelligence basics, threat actors' motivations, and important methodologies like the threat intelligence lifecycle, the Diamond Model, and the MITRE ATT&CK framework. You'll discover key analysis tools like YARA, Sigma, and MSTICpy, and learn from notable cyberattacks. Offering a simple yet compelling exploration of cybersecurity, this book serves as an excellent resource for both refreshing knowledge and understanding the practical application of threat intelligence.

By Thomas Roccia

Get Your Copy
Evasive Malware / Understanding Deceptive and Self-Defending Threats
Book cover

Immerse in the compelling world of evasive malware with this book packed with practical information, real-world examples, and advanced techniques for analyzing evasive malicious software. Gain insights on malware analysis within the Windows OS context, learn about malware's anti-detection tricks and how it bypasses security controls, understand victim targeting, and discover anti-forensics techniques. The book concludes with constructing an anti-evasion analysis lab. A succinct resource on modern evasive malware threats, malware analysis, and reverse engineering.

By Kyle Gucci

Get Your Copy
To support the Unprotect Project and get 25% discount use the code: EVASIVE25

Subscribe to our Newsletter

The information entered into this form is mandatory. It will be subjected to computer processing. It is processed by computer in order to support our users and readers. The recipients of the data will be : contact@unprotect.it.

According to the Data Protection Act of January 6th, 1978, you have at any time, a right of access to and rectification of all of your personal data. If you wish to exercise this right and gain access to your personal data, please write to Thomas Roccia at contact@unprotect.it.

You may also oppose, for legitimate reasons, the processing of your personal data.