malware-ioc
PEpper
Our great sponsors
malware-ioc | PEpper | |
---|---|---|
6 | 2 | |
1,503 | 302 | |
1.7% | - | |
6.9 | 0.0 | |
18 days ago | 11 months ago | |
YARA | YARA | |
BSD 2-clause "Simplified" License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
malware-ioc
-
What are your go-to websites to read cybersecurity news in 2023?
www.welivesecurity.com
-
Learning To Learn IT Security
WeLiveSecurity And many more.
- Open source tools and DFIR Tryhackme equivalents
-
Historic IOCs from previous APT campaigns
There are some here: https://github.com/eset/malware-ioc
-
This Linux malware is hijacking supercomputers across the globe
kabolos
-
New Linux malware steals SSH credentials from supercomputers
IOCs
PEpper
-
Identifying packers, crypters or protectors
As others have mentioned, looking at entropy is a good metric to generically determine whether or not a given sample is being packed / obfuscated in some way. Doing static analysis on the binary format itself (I'm assuming PE for Windows is the goal) is also useful, such as checking whether or not a section's raw size on disk is much smaller than the virtual size allocated in-memory for that section, which is a reliable indication of packing behavior. This project looks useful for introspecting such behaviors.
- blackeko/PEpper - An open source script to perform malware static analysis on Portable Executable
What are some alternatives?
awesome-yara - A curated list of awesome YARA rules, tools, and people.
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
yara - The pattern matching swiss knife
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
signature-base - YARA signature and IOC database for my scanners and tools
Qu1cksc0pe - All-in-One malware analysis tool.
intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Loki - Loki - Simple IOC and YARA Scanner
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
reversinglabs-yara-rules - ReversingLabs YARA Rules
Malware-IOCs