
Australian Signals Directorate releases Azul, an open-source malware analysis platform

The new tool is designed to help government and enterprise network defenders analyse tens of millions of malware samples at scale and automate labour-intensive reverse-engineering tasks.

Tue, 24 Feb 2026

The Australian Signals Directorate (ASD) has released Azul, a new open-source malware analysis platform to help enterprises and government agencies automate and scale the analysis of malicious code.

Developed for network defenders, incident responders, and security analysts, Azul is designed to handle tens of millions of malware samples.

Reverse-engineering malware manually can take hours to extract basic indicators of compromise (IOCs), days to understand functionality, and months to fully analyse entire malware families. Azul addresses this by turning common analysis tasks into automated plugins that can be executed as part of a structured workflow.

 
 

At its core, Azul combines a scalable repository with an analytical engine and tools to extract metadata, analyse binaries, and identify relationships between samples. Malware uploaded into the system can be automatically processed using scripts based on previous reverse-engineering efforts, enabling teams to extract IOCs and other artefacts without repeating manual work.

The platform also supports a wide range of static analysis tools, including archive decompression, analysis of Microsoft Office-based malware, and integration with detection technologies such as YARA rules and Snort signatures.

Importantly, ASD noted that Azul does not determine whether a file is malicious on its own. Instead, it is designed to complement existing detection and triage tools, such as sandbox environments, threat hunting workflows, and incident response processes.

The platform’s open-source release is intended to encourage collaboration across the cyber security community.

By making the code publicly available, ASD aims to help government and private-sector organisations build customised workflows, integrate additional analytical tools and share insights more easily.

You can learn more about and access Azul here.

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
