Malquarium - A modern malware repository

Malquarium is a web-based malware repository tool built on modern web technologies with the following goals in mind:

See it in action at https://malquarium.org

Installation

Requirements

A Linux system. Tested on Ubuntu 18.04, but should work everywhere.

Malquarium requires Docker to run its binary analyzer modules. If you decide to run the backend and frontend outside of Docker containers, the user that runs the backend needs to be in the docker group because the backend needs to launch containers on demand.

The backend database must be PostgreSQL 9+, which can run in a container or outside of Docker.

Installation using Docker

Use this setup to run everything in Docker containers; it is the fastest way to get up and running. There are 2 docker-compose files: one includes the database, the other does not.

Change at least the following parameters to get your Malquarium up and running

Service malquarium-backend

| Parameter | Value | Description |
| --- | --- | --- |
| volumes | /data/malquarium/samples:/data/samples | Persistent volume of the sample binaries. Change the path if your samples are not at /data/malquarium/samples |
| volumes | /usr/bin/docker:/bin/docker | Pass the docker binary to the backend. Change to the output of `which docker` if it's not /usr/bin/docker |
| DJANGO_SECRET_KEY | Your random Django secret key | You can generate one with ```head /dev/urandom |
| OUTER_SAMPLE_STORE | /data/malquarium/samples | The path where your samples are on the host, not inside the container. Needed for the binary analysis containers. Must be the same as the left part of the corresponding volumes setting |

Service malquarium-backend

| Parameter | Value | Description |
| --- | --- | --- |
| volumes | /data/malquarium/db:/var/lib/postgresql/data | Persistent volume of the database. Change the path if your database files are not at /data/malquarium/db |
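
A pre-flight check for the malquarium-backend values listed above, written as an added example that is not part of Malquarium's own code. The function names are hypothetical, and the key generator is one possible command, not the README's own.

```shell
#!/bin/sh
# Added example, not part of Malquarium; function names are hypothetical.

# Host side (left part) of a "host:container[:mode]" volume entry.
volume_host_path() {
    printf '%s\n' "${1%%:*}"
}

# OUTER_SAMPLE_STORE must equal the host side of the samples volume.
# A trailing slash on either value is ignored.
sample_store_matches() {   # $1 = volume entry, $2 = OUTER_SAMPLE_STORE
    host=$(volume_host_path "$1")
    [ "${host%/}" = "${2%/}" ]
}

# True if group $2 appears in the space-separated group list $1.
group_list_has() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# One possible generator (an assumption, not the README's own command):
# 50 alphanumeric characters filtered from 1024 bytes of /dev/urandom.
gen_secret_key() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-50
}

# Check the settings before `docker-compose up`; non-zero if a check fails.
# $1 = samples volume, $2 = OUTER_SAMPLE_STORE, $3 = docker binary volume
preflight() {
    rc=0
    sample_store_matches "$1" "$2" ||
        { echo "FAIL: OUTER_SAMPLE_STORE is not the host side of $1"; rc=1; }
    [ -d "$2" ] || { echo "FAIL: $2 does not exist on the host"; rc=1; }
    [ "$(volume_host_path "$3")" = "$(command -v docker)" ] ||
        { echo "FAIL: docker volume differs from 'command -v docker'"; rc=1; }
    # Only needed when the backend runs outside a container. Members of the
    # docker group effectively have root on the host, so use a dedicated user.
    group_list_has "$(id -nG)" docker ||
        echo "NOTE: $(id -un) is not in the docker group"
    return "$rc"
}

# Usage with the defaults from the table:
# preflight /data/malquarium/samples:/data/samples /data/malquarium/samples \
#           /usr/bin/docker:/bin/docker
```
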

Start the containers

docker-compose up

The web frontend will be available on http://localhost:8080

Configuration

You can use the Django admin GUI to change all settings: http://localhost:8080/admin/