Malware Language Monitor

Overview i

A live, read-only view into what languages and toolchains are trending across recent malicious activity — with local snapshots for change over time and global intelligence for broader context.

Language mix: Estimates primary language/tooling from sample metadata; shows share, deltas, and a rolling trend.

Rollups: Aggregate the last 6h/24h/7d to smooth hour-to-hour noise and surface real movement.

Global signals: Trending families/tags and common ATT&CK techniques from recent community intelligence.

Infrastructure context: Lightweight classification of delivery IPs to separate scanner “noise” from likely threats.

Safe by design: Works with metadata only — no malware binaries are downloaded or executed.

Note. Data refreshes in the UI automatically; new snapshots are written by your scheduled ingest job.
Disclaimer. Provided “as is” without any guarantees or warranties of any kind.

Share by Language i

Latest snapshot distribution

Top Languages (Bar) i

Relative comparison within the current view

Leaderboard (Δ vs previous) i

#	Language	Share	Δ	Count

Trend (Last 96 snapshots) i

Track sustained movements across snapshots

Overview i

Share by Language i

Top Languages (Bar) i

Leaderboard (Δ vs previous) i

Trend (Last 96 snapshots) i

MalShare 24h Types i

Top Families (24h) i

Delivery IP Classification i

OTX Trending Families i

MITRE ATT&CK (OTX) i

GreyNoise (from OTX IPs) i

MalShare Top Sources i

Top Open Ports (Delivery IPs) i

Top ASNs (Delivery IPs) i

Countries (Delivery IPs) i