Investigator Use
Malpedia is a curated malware knowledge base maintained by Fraunhofer FKIE that provides structured intelligence about malware families, threat actors, and related indicators of compromise. The library contains detailed profiles of thousands of malware families, including technical descriptions, YARA rules, samples, and attribution to known threat actor groups.
For OSINT investigators and threat intelligence analysts, Malpedia is the authoritative reference when researching a specific malware family encountered during an investigation. When malware analysis surfaces a family name or when threat intelligence reports reference specific malware, Malpedia provides the structured context needed to understand its capabilities, origin, associated threat actors, and known variants.
The platform's threat actor mapping is particularly valuable for attribution work. Malpedia links malware families to the threat groups known to use them, drawing from academic research, vendor intelligence, and law enforcement disclosures. When malware is identified in an incident, the associated threat actor profiles help analysts understand likely objectives, targets, and TTPs.
Malpedia's YARA rule repository lets investigators search other samples or systems for the strings and patterns characteristic of a specific malware family. This is useful for hunting similar infections across a larger dataset and as a starting point for writing detection signatures.
The samples section provides access to malware samples for authorized researchers, enabling direct behavioral analysis in controlled environments. This is appropriate for malware researchers with proper sandboxing infrastructure and legal authority to possess the samples.
For OSINT investigations that touch on nation-state activity or advanced persistent threats, Malpedia's structured threat actor profiles — including known aliases across different vendor naming conventions — are essential for maintaining analytical clarity when different sources use different names for the same group.
Registration is required for full access to Malpedia's sample database. The library section and many indicator resources are publicly accessible. Always operate within legal boundaries when downloading malware samples and document any samples accessed with full chain of custody records.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.