Docker can be a useful tool for malware analysis. It can also be used to run coin miners and DDoS bots. This repository documents tools for analyzing the structure of Docker containers, identifying malicious containers, and using containers to analyze potentially malicious files.
See Contributing.
- docker_save_to_file - Standalone tool for downloading a Docker image from Docker Hub and saving it to a local file
- container_detail.py - Python script to print the high-level details of an exported container
- triage-binary - Quickly identify the presence of ATT&CK technique indicators. It can also be used for binary clustering when comparing samples of the same malware family.
- docker-image-extract - Minimal-dependency shell script to pull and extract all files from an image in Docker Hub
- dive - A tool for exploring a Docker image and its layer contents, and for discovering ways to shrink the size of your Docker/OCI image.
- Docker Containers for Malware Analysis - Using Docker containers for the analysis of malware
- Docker: How To Extract Image Filesystem Without Running Any Containers
- Analysis on Docker Hub malicious images: Attacks through public container images
- Building Dynamic Analysis Tools with Docker
- Analyzing How TeamTNT Used Compromised Docker Hub Accounts
- TeamTNT delivers malware with new detection evasion tool
- Malicious Docker Hub Container Images Used for Cryptocurrency Mining
I welcome PRs / issues. Easiest
- [Name](Link) - Description