HAWK
Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.
This repository contains original samples and decompiled sources of malware that attacks Triconex Safety Instrumented System (SIS) controllers, which are commonly used in Industrial Control Systems (ICS). Each organization that described this malware in its reports used a different name (TRISIS/TRITON/HatMan). For more information, scroll to 'Learn More'.

Folder original_samples contains the original files used by the malware that could be found in the wild:
- trilog.7z MD5: 0b4e76e84fa4d6a9716d89107626da9b
- trilog.exe MD5: 6c39c3f4a08d3d78f2eb973a94bd7718
- library.7z MD5: 76f84d3aee53b2856575c9f55a9487e7
- library.zip MD5: 0face841f7b2953e7c29c064d6886523
- imain.7z MD5: d173e8016e73f0f2c17b5217a31153be
- imain.bin MD5: 437f135ba179959a580412e564d3107f
- inject.7z MD5: 80fdda5ea7eec98bfdd07fec8f644c2d
- inject.bin MD5: 0544d425c7555dc4e9d76b571f31f500
- all.7z MD5: c382f242f62a3c5f4aab2093f6e0fb2f

All archives are secured with password: infected

Folder decompiled_code contains decompiled Python files, originating from the trilog.exe file and the library.zip archive described above:
- Origin: trilog.exe - Result: script_test.py - Method: N/A
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
Define and validate YARA rule metadata with CCCS YARA Specification.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.