building-automated-malware-submission-pipeline

Solid

Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.

AI & Automation 38 stars 5 forks Updated yesterday MIT


Quality Score: 89/100

Component (weight): score
Stars (20%): 53
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 100
Description (5%): 100

Skill Content

# Building Automated Malware Submission Pipeline

## When to Use

Use this skill when:

- SOC teams face a high volume of suspicious-file alerts that require sandbox analysis
- Manual sandbox submission creates bottlenecks in the alert triage workflow
- Endpoint and email security tools quarantine files that need an automated verdict
- Incident response requires rapid malware family identification and IOC extraction

**Do not use** this workflow to detonate samples on production systems; always use isolated sandbox infrastructure.

## Prerequisites

- Sandbox environment: Cuckoo Sandbox, Joe Sandbox, Any.Run, or VMRay
- VirusTotal API key: a free public key supports hash lookups and rate-limited file submissions, but anything submitted becomes visible to other VirusTotal users, so look hashes up first and keep internal documents out of public submissions; Premium/Enterprise is needed for private scanning and sample download
- MalwareBazaar API access for known-malware lookup
- File collection mechanism: EDR quarantine API, email gateway export, network capture
- Python 3.8+ with the `requests`, `vt-py`, and `pefile` libraries
- Isolated analysis network with no production connectivity

## Workflow

### Step 1: Build File Collection Pipeline

Collect suspicious files from multiple sources:

```python
import requests
import hashlib
import os
from pathlib import Path
from datetime import datetime


class MalwareCollector:
    def __init__(self, quarantine_dir="/opt/malware_quarantine"):
        # Create the quarantine directory (and any missing parents) on first use
        self.quarantine_dir = Path(quarantine_dir)
        self.quarantine_dir.mkdir(parents=True, exist_ok=True)

    def collect_from_edr(self, edr_api_url, api_token):
        """Pull quarantined files from CrowdStrike Falcon"""
        headers = {"Au...
```
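The skill content is cut off at the start of the EDR collector, so the following is an added example rather than the skill's own code or anything from the adriannoes repository. It sketches the two stages the description promises, collection with de-duplication into a read-only quarantine and aggregation of multi-engine plus sandbox results into one SIEM-ready IOC record, in a form that runs offline. The `fake_scan` and `fake_sandbox` functions, the verdict thresholds, and the sample bytes are all assumptions standing in for real VirusTotal and sandbox calls; the important design point they make visible is hash-first flow, where a sample already in quarantine is never re-submitted.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed thresholds (not from the skill); tune to your engine set and false-positive tolerance.
MALICIOUS_MIN_ENGINES = 5
SUSPICIOUS_MIN_ENGINES = 1


def sha256_file(path):
    """Stream the file so large samples never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


class Quarantine:
    """Content-addressed store: one file per SHA-256, so repeat alerts for the same sample
    are counted instead of being re-submitted to the scanners."""
    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(mode=0o700, parents=True, exist_ok=True)
        self.manifest = {}  # sha256 -> sample metadata

    def ingest(self, path, source):
        """Return (sha256, is_new); stored copies are read-only to prevent accidental execution."""
        digest = sha256_file(path)
        if digest in self.manifest:
            self.manifest[digest]["seen"] += 1
            return digest, False
        dest = self.root / digest
        dest.write_bytes(Path(path).read_bytes())
        os.chmod(dest, 0o400)
        self.manifest[digest] = {"name": Path(path).name, "source": source, "seen": 1,
                                 "size": dest.stat().st_size,
                                 "first_seen": datetime.now(timezone.utc).isoformat()}
        return digest, True


def aggregate_verdict(engine_results):
    """engine_results maps engine name -> detection label or None. Returns (verdict, hits)."""
    hits = {engine: label for engine, label in engine_results.items() if label}
    if len(hits) >= MALICIOUS_MIN_ENGINES:
        return "malicious", hits
    if len(hits) >= SUSPICIOUS_MIN_ENGINES:
        return "suspicious", hits
    return "clean", hits


def build_ioc_record(digest, meta, engine_results, sandbox_iocs):
    """One flat, JSON-serialisable record per sample, the shape a SIEM ingest expects."""
    verdict, hits = aggregate_verdict(engine_results)
    network = sandbox_iocs.get("domains", []) + sandbox_iocs.get("ips", [])
    return {"sha256": digest, "filename": meta["name"], "source": meta["source"],
            "verdict": verdict, "detection_count": len(hits), "detections": hits,
            "network_iocs": sorted(set(network)),
            "observed": datetime.now(timezone.utc).isoformat()}


def run_pipeline(drop_dir, quarantine_root, scan_fn, sandbox_fn):
    """Hash-first flow: only samples not already in quarantine reach scan_fn and sandbox_fn."""
    store = Quarantine(quarantine_root)
    records = []
    for path in sorted(Path(drop_dir).iterdir()):
        digest, is_new = store.ingest(path, source="drop_dir")
        if is_new:
            records.append(build_ioc_record(digest, store.manifest[digest],
                                            scan_fn(digest), sandbox_fn(digest)))
    return records


# Constructed inputs (harmless bytes, not real malware) and stand-ins for scanner/sandbox output.
SAMPLES = {"invoice.docm": b"constructed macro-dropper stand-in",
           "invoice_copy.docm": b"constructed macro-dropper stand-in",  # duplicate, deduplicated
           "readme.txt": b"plain benign text"}
_DROPPER_SHA = hashlib.sha256(SAMPLES["invoice.docm"]).hexdigest()


def fake_scan(digest):
    """Stands in for a multi-engine hash lookup: 7 of 10 engines flag the dropper, none the text."""
    flagged = 7 if digest == _DROPPER_SHA else 0
    return {f"engine{i}": ("Trojan.Dropper.Generic" if i < flagged else None) for i in range(10)}


def fake_sandbox(digest):
    """Stands in for the network indicators a sandbox report would extract."""
    return {"domains": ["c2.example.invalid"], "ips": ["203.0.113.10"]} if digest == _DROPPER_SHA else {}


def demo():
    """Write the constructed samples to a temp drop directory and run the pipeline over them."""
    with tempfile.TemporaryDirectory() as tmp:
        drop = Path(tmp, "drop")
        drop.mkdir()
        for name, data in SAMPLES.items():
            (drop / name).write_bytes(data)
        return run_pipeline(drop, Path(tmp, "quarantine"), fake_scan, fake_sandbox)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it yields two records, not three: the duplicate `invoice_copy.docm` is absorbed by the quarantine's SHA-256 index and never reaches the scanners, which is exactly the behaviour you want before any real VirusTotal submission, both for quota and because a public submission exposes the file to every other VirusTotal user. To wire this into a live pipeline, replace `fake_scan` with a hash lookup (and only then a submission) and `fake_sandbox` with the report parser for your sandbox; the record shape stays the same.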

Details

Author
adriannoes
Repository
adriannoes/awesome-vibe-coding
Created
8 months ago
Last Updated
yesterday
Language
Jupyter Notebook
License
MIT
