Australia's Cyber Agency Releases Azul, an Open Source Malware Analysis Repository

Think of it as a searchable, automated knowledge base for malware.
The Australian Signals Directorate (ASD) has released Azul, a malware analysis platform built for reverse engineers and incident responders. It is the first public release of the tool, which is now on v9.0.0.

ASD is Australia's signals intelligence agency, which operates under the Department of Defence. Its Australian Cyber Security Centre (ACSC) handles national cybersecurity guidance and incident response.

Keep in mind that Azul is not a triage tool and does not identify whether a file is malicious. Samples should first be flagged using a tool like the Canadian Centre for Cyber Security's AssemblyLine before being fed into Azul.

[Image: an Azul deployment showing the details of a selected binary.] This demo image of Azul was sourced from the documentation.

The platform is built using Python, Golang, and TypeScript. It runs on Kubernetes via Helm chart templates, uses Apache Kafka for event queuing, and stores samples in an S3-compatible object store.

Monitoring and alerting are supported through Prometheus, Loki, and Grafana. Azul also ships with a web interface, an HTTP REST API, and a headless client for integration with external systems.

It supports YARA rules, Snort signatures, and the Maco framework for malware configuration extraction. Malware sample access is controlled via OpenID Connect.

The Components

Azul has three main components. The malware repository stores samples together with origin metadata, including hostnames, filenames, network details, and timestamps, and is designed to retain everything indefinitely as long as sufficient storage is available.

The analytical engine lets teams turn reverse engineering work into reusable plugins that run automatically. When a plugin is updated, it can be re-run against historical samples, which can surface new findings from past incidents.

The clustering suite uses OpenSearch to find patterns across samples, helping analysts identify shared infrastructure, development patterns, and behavioral similarities. It also pulls in data from industry reporting to strengthen those findings.

The Source Code

The source code for Azul can be found on GitHub, licensed under MIT. The repository includes a README to get you started. Full documentation covering installation and developer guides is hosted on the official Azul docs portal.

About the author
Sourav Rudra
A nerd with a passion for open source software, custom PC builds, motorsports, and exploring the endless possibilities of this world.