building-automated-malware-submission-pipeline

Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


# Building Automated Malware Submission Pipeline

## When to Use

Use this skill when:

- SOC teams face a high volume of suspicious file alerts requiring sandbox analysis
- Manual sandbox submission creates bottlenecks in the alert triage workflow
- Endpoint and email security tools quarantine files needing automated verdict determination
- Incident response requires rapid malware family identification and IOC extraction

**Do not use** for analyzing live malware samples in production environments — always use isolated sandbox infrastructure.

## Prerequisites

- Sandbox environment: Cuckoo Sandbox, Joe Sandbox, Any.Run, or VMRay
- VirusTotal API key (Enterprise for submission, free for lookup)
- MalwareBazaar API access for known malware lookup
- File collection mechanism: EDR quarantine API, email gateway export, network capture
- Python 3.8+ with `requests`, `vt-py`, `pefile` libraries
- Isolated analysis network with no production connectivity

## Workflow

### Step 1: Build File Collection Pipeline

Collect suspicious files from multiple sources:

```python
import requests
import hashlib
import os
from pathlib import Path
from datetime import datetime


class MalwareCollector:
    def __init__(self, quarantine_dir="/opt/malware_quarantine"):
        self.quarantine_dir = Path(quarantine_dir)
        self.quarantine_dir.mkdir(exist_ok=True)

    def collect_from_edr(self, edr_api_url, api_token):
        """Pull quarantined files from CrowdStrike Falcon"""
        headers = {"Au...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
