OFFSITE.DARK

Church of Malware

Overview

Church of Malware (churchofmalware.org) is a curated malware reference library styled as archival scripture. It indexes samples, family lineage, and researcher writeups in a browsable corpus rather than a raw drop zone.

The site organizes its material using a books-and-chapters metaphor: scripture sections map to families, variants, and historical notes. Useful when tracing evolution between strains or finding primary-source descriptions when VT hashes are dead.

Researchers use it for contextual background before deep RE: behavior summaries, naming conventions, and cross-links to related families. Not a substitute for dynamic analysis or sandbox reports.

Content is researcher-oriented; verify hashes independently before execution in any lab. Licensing and download terms vary by entry.

Primary use cases

  • Historical malware family research and lineage tracing
  • Finding writeups when public sandboxes lack narrative context
  • Teaching malware taxonomy with indexed references
  • Cross-referencing family names across intel sources

Detection / defense notes

  • Treat all linked samples as malicious; isolate lab execution
  • Block outbound C2 if analyzing live configs from archived samples

Related tools

  • VX Underground: Malware archive and threat intel repository. Historical samples, papers, and community-sourced collections. Primary source for offline malware research.
  • YARA: Malware identification language. String/hex patterns with boolean conditions over scanned files.
  • Ghidra: Reverse engineering IDE. Disassembly, decompilation, scripting, and binary diffing.