Telekom Security Malware Analysis Repository Logo

Telekom Security Malware Analysis Repository

0
Free
Visit Website

This repository comprises scripts, signatures, and additional IOCs of our blog posts at the telekom.com blog as well as of our Twitter account. 2021-05-17: Let’s set ice on fire: Hunting and detecting IcedID infections (IcedID) 2021-07-14: LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators (CryLock) 2021-09-14: Flubot's Smishing Campaigns under the Microscope (Flubot/Teabot) 2021-10-29: #YARA rule for hunting XOR encrypted #PlugX / #Korplug payloads(PlugX) 2022-01-14: #100DaysOfYara Detect Hacktools that modify RDP settings (Hacktools) 2022-03-11: SystemBC YARA rule and extractor (SystemBC) 2022-03-18: #100DaysOfYara Detect Vatet Loader in backedoored Rufus([Defray777])(https://github.com/telekom-security/malware_analysis/tree/main/defray777) 2022-09-02: Raspberry Robin(IOCs)

FEATURES

ALTERNATIVES

A tool to locally check for signs of a rootkit with various checks and tests.

Kaitai Struct is a declarative language for describing binary data structures.

A simple JWT token brute force cracker

A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities

Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.

Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.

A multithreaded YARA scanner for incident response or malware zoos.

Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.