MalwareZoo - Private Malware Repository

Cosive’s SaaS malware repository, MalwareZoo, is powered by Assemblyline 4 and is built for teams who want to automatically analyse and safely store sensitive malware on a private, segregated system.

Private, segregated and automated malware analysis.

Safely analyse and store highly sensitive malware, including custom malware targeting your organisation or your customers, without ever sharing it beyond your organisation.

Safely store and analyse custom malware and maldocs

Security teams are increasingly faced with unique, targeted malware and maldocs designed to evade defences in novel ways.

You need to analyse risky files so you can understand and defend against them. However, because they may be targeted at your organisation and contain identifying information, you may not want to share them with public analysis tools like VirusTotal, or with external organisations like antivirus providers.

MalwareZoo gives your team a privacy-preserving, segregated, and secure place to store and analyse malware samples.

Your team can upload custom malware samples to the zoo for automated analysis, risk scoring, and suspicious / malicious verdicts in a way you can control.

In some cases you can check for hashes or upload malware samples to VirusTotal. In others you can choose to keep samples totally private.

Create modular analysis workflows

MalwareZoo, powered by Assemblyline 4, contains a wide array of best-in-breed analysis tools. These can be chained together to do things like:

  • Run malware through your own custom YARA rules as well as community rules
  • Detect suspicious and benign signatures and behaviours
  • Detonate malware in your existing sandboxes
  • Extract configurations from the malware family/toolkit
  • Analyse similarity with other malware samples
  • Get custom risk scores and verdicts on whether files are malicious, suspicious, or safe, without ever sharing the sample


Built on Assemblyline 4

MalwareZoo is powered by Assemblyline 4, a scalable file artifact triage and analysis system built and maintained as an open source project by the Cyber Centre Canada.

Assemblyline is a powerful, scalable system that runs on Kubernetes. Deploying, securing, and maintaining a complex system like Assemblyline 4 isn’t for everyone. We can deploy a new, private instance for you using our infrastructure as code (IaC) patterns and maintain it so you can focus on your core mission: collecting and analysing malware and defending your organisation.

Access MalwareZoo via an API and Web UI

Send and fetch samples, execute analyses and build modular automation pipelines via a robust API or via the web UI. Both the API and UI offer granular access control and permissions.

Private & segregated infrastructure

We provide you with a private instance of MalwareZoo on our secure, dedicated, single-tenant AWS infrastructure suitable for secure storage of highly sensitive samples. This means your malware samples will never be stored on shared infrastructure.

Improve malware analysis hygiene and reduce risk by storing samples outside your corporate network. We will take care of DR, monitoring, and reliability of your malware instance.

Integrates seamlessly with MISP

MalwareZoo integrates seamlessly with MISP, including CloudMISP instances. The workflow is:

  • A MISP analyst identifies SHA256 file hashes of interest in MISP.
  • The analyst (or an automated process) tags them for analysis.
  • MISP sends an analysis request to Assemblyline, requesting that it fetch and store the matching sample from VirusTotal if available.
  • Our integration pushes Assemblyline’s analysis results back to your MISP instance while avoiding storing malware samples directly in MISP.

This allows some of your analysts to use MISP purely to check file hashes, and others to access Assemblyline in a read-only fashion without access to samples. Trained malware analysts get full access to all analysis features and samples.

Get ongoing guidance and fast technical support SLAs

This includes a detailed user guide and dedicated Slack channel with our team so you can get the most out of MalwareZoo.

Pricing

MalwareZoo is an enterprise-grade fully managed service. Your annual MalwareZoo licence will include frequent upgrades and custom configuration of your instance, as well as ongoing support and guidance from our team of security engineers.

We tailor annual pricing plans based on your specific needs and use case. Please submit an expression of interest or schedule a call with one of our security engineers below so we can prepare a custom quote for you.