malware-detonation-platform

Malware Detonation Platform

Naga is a next-gen malware sandbox with live screen recording, full TLS decryption, and real-time WebSocket streaming. Built with Go + Svelte, it spins up isolated VMs per detonation while enriching data with Suricata, YARA, CAPA, and MITRE ATT&CK tags. Modern UI, one-command Docker deploy.

Overview

Naga is a next-generation malware analysis sandbox that combines deep network forensics, real-time visualization, and modern analyst-centric design. Unlike traditional sandboxes that produce static reports, Naga provides a live, interactive experience where analysts can watch malware detonate in real-time, see decrypted network traffic, and explore process behavior with MITRE ATT&CK mappings.

Core Philosophy

"Stop treating malware analysis like a batch job. Start treating it like a live investigation."

Traditional sandboxes (Cuckoo, CAPE) produce reports after the fact. Naga delivers live streaming of the entire detonation process, allowing analysts to:

React immediately to suspicious behavior

Intercept and explore network traffic in real-time

Visualize process relationships as they form

Understand why something happened, not just what happened

Key Features

1. 🖥️ Isolated QEMU/KVM Virtualization

Each detonation runs in a fresh, isolated VM with full hardware emulation

Docker-wrapped deployment — one command to spin up the entire platform

Automatic VM lifecycle management: create, detonate, destroy, revert to clean state

2. 🔓 Full TLS Decryption

See the actual decrypted payload of HTTPS traffic, not just "443/tcp"

Transparent mitmproxy integration with automatic certificate injection

Certificate inspection and validation details in the UI

3. 📹 Live Screen Recording

Watch the malware execute in real-time via VNC stream

Video recording saved for post-analysis review

WebSocket-based streaming with minimal latency

4. 🔍 Automated Enrichment Pipeline

Tool          Purpose
Suricata      Network intrusion detection — alerts on malicious patterns
YARA          Signature-based file scanning — detect known malware families
CAPA          Capability detection — identify what malware can do
MITRE ATT&CK  Tactical mapping — tag behaviors with industry-standard TTPs

5. 🔀 Interactive Process Tree

Built from Sysmon telemetry (Event ID 1, 3, 7)

Full parent-child process relationships

MITRE ATT&CK tags automatically applied to suspicious processes

Hover for details: PID, command line, detected techniques
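To make the process-tree feature concrete, here is an added example (not Naga's own code) of how parent-child relationships are recovered from Sysmon telemetry. Sysmon Event ID 1 (process creation) carries a ProcessGuid and a ParentProcessGuid; linking on those GUIDs rather than on PIDs avoids confusion from PID reuse. Event ID 3 (network connection) is attached to its process by the same GUID. The NDJSON shape of the events and the GUID values are constructed for this example and are not Naga's storage format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// SysmonEvent is a flattened view of the Sysmon fields this example uses.
// The JSON field names follow Sysmon's event data; the NDJSON framing is an
// assumption for the example. Fields absent from an event decode to zero values.
type SysmonEvent struct {
	EventID           int    `json:"EventID"`
	ProcessGuid       string `json:"ProcessGuid"`
	ProcessId         int    `json:"ProcessId"`
	Image             string `json:"Image"`
	CommandLine       string `json:"CommandLine"`
	ParentProcessGuid string `json:"ParentProcessGuid"`
	DestinationIp     string `json:"DestinationIp"`   // Event ID 3 only
	DestinationPort   int    `json:"DestinationPort"` // Event ID 3 only
}

// ProcNode is one vertex of the process tree; the hover details the UI shows
// (PID, command line) live here alongside the structural links.
type ProcNode struct {
	Guid        string
	PID         int
	Image       string
	CommandLine string
	Parent      *ProcNode
	Children    []*ProcNode
	NetConns    []string // "ip:port" pairs from Event ID 3
}

// Constructed sample telemetry (not real capture data). Events arrive out of
// creation order on purpose, and the parent of WINWORD (explorer) was never
// observed as an Event ID 1, which is typical when recording starts mid-session.
const sampleEvents = `
{"EventID":1,"ProcessGuid":"{guid-ps}","ProcessId":4120,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoProfile -File stage2.ps1","ParentProcessGuid":"{guid-word}"}
{"EventID":1,"ProcessGuid":"{guid-word}","ProcessId":3388,"Image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","CommandLine":"WINWORD.EXE /n invoice.docm","ParentProcessGuid":"{guid-explorer}"}
{"EventID":3,"ProcessGuid":"{guid-ps}","ProcessId":4120,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","DestinationIp":"203.0.113.7","DestinationPort":443}
{"EventID":7,"ProcessGuid":"{guid-ps}","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"EventID":1,"ProcessGuid":"{guid-cmd}","ProcessId":4502,"Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami","ParentProcessGuid":"{guid-ps}"}
`

// ParseEvents decodes newline-delimited JSON into events, failing on the first bad line.
func ParseEvents(ndjson string) ([]SysmonEvent, error) {
	var out []SysmonEvent
	for i, line := range strings.Split(ndjson, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var ev SysmonEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		out = append(out, ev)
	}
	return out, nil
}

// BuildTree creates one node per Event ID 1, then links children to parents by
// GUID in a second pass so arrival order does not matter. A process whose parent
// was never seen as an Event ID 1 becomes a root. Event ID 3 connections are
// attached to the owning process; other event types are ignored here.
func BuildTree(events []SysmonEvent) (nodes map[string]*ProcNode, roots []*ProcNode) {
	nodes = make(map[string]*ProcNode)
	for _, ev := range events {
		if ev.EventID == 1 {
			nodes[ev.ProcessGuid] = &ProcNode{Guid: ev.ProcessGuid, PID: ev.ProcessId, Image: ev.Image, CommandLine: ev.CommandLine}
		}
	}
	for _, ev := range events {
		switch ev.EventID {
		case 1:
			n := nodes[ev.ProcessGuid]
			if p, ok := nodes[ev.ParentProcessGuid]; ok {
				n.Parent = p
				p.Children = append(p.Children, n)
			} else {
				roots = append(roots, n)
			}
		case 3:
			if n, ok := nodes[ev.ProcessGuid]; ok {
				n.NetConns = append(n.NetConns, fmt.Sprintf("%s:%d", ev.DestinationIp, ev.DestinationPort))
			}
		}
	}
	sort.Slice(roots, func(i, j int) bool { return roots[i].PID < roots[j].PID })
	return nodes, roots
}

// Ancestry returns the image basenames from the root down to n, which is the
// "why did this run" chain an analyst reads off the tree.
func Ancestry(n *ProcNode) []string {
	var chain []string
	for ; n != nil; n = n.Parent {
		chain = append([]string{baseName(n.Image)}, chain...)
	}
	return chain
}

// Render prints the tree indented by depth, one process per line.
func Render(roots []*ProcNode) string {
	var sb strings.Builder
	var walk func(n *ProcNode, depth int)
	walk = func(n *ProcNode, depth int) {
		fmt.Fprintf(&sb, "%s%s (PID %d) %q", strings.Repeat("  ", depth), baseName(n.Image), n.PID, n.CommandLine)
		if len(n.NetConns) > 0 {
			fmt.Fprintf(&sb, " net=%s", strings.Join(n.NetConns, ","))
		}
		sb.WriteString("\n")
		for _, c := range n.Children {
			walk(c, depth+1)
		}
	}
	for _, r := range roots {
		walk(r, 0)
	}
	return sb.String()
}

// baseName strips a Windows or POSIX directory prefix.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

func main() {
	events, err := ParseEvents(sampleEvents)
	if err != nil {
		panic(err)
	}
	_, roots := BuildTree(events)
	fmt.Print(Render(roots))
}
```

Running it prints WINWORD.EXE as the sole root with powershell.exe (carrying the 203.0.113.7:443 connection) beneath it and cmd.exe one level deeper; the Ancestry of cmd.exe reads WINWORD.EXE > powershell.exe > cmd.exe, which is exactly the Office-spawns-shell pattern a MITRE ATT&CK tag would be attached to.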
