TRISIS / TRITON / HatMan Malware Repository Logo

TRISIS / TRITON / HatMan Malware Repository

0
Free
Visit Website

This repository contains original samples and decompiled sources of malware attacking commonly used in Industrial Control Systems (ICS) Triconex Safety Instrumented System (SIS) controllers. Each organization describing this malware in reports used a different name (TRISIS/TRITON/HatMan). For more information scroll to 'Learn More'. Folder original_samples contains original files used by the malware that could be found in the wild: - trilog.7z MD5: 0b4e76e84fa4d6a9716d89107626da9b - trilog.exe MD5: 6c39c3f4a08d3d78f2eb973a94bd7718 - library.7z MD5: 76f84d3aee53b2856575c9f55a9487e7 - library.zip MD5: 0face841f7b2953e7c29c064d6886523 - imain.7z MD5: d173e8016e73f0f2c17b5217a31153be - imain.bin MD5: 437f135ba179959a580412e564d3107f - inject.7z MD5: 80fdda5ea7eec98bfdd07fec8f644c2d - inject.bin MD5: 0544d425c7555dc4e9d76b571f31f500 - all.7z MD5: c382f242f62a3c5f4aab2093f6e0fb2f All archives are secured with password: infected Folder decompiled_code contains decompiled python files, originating from trilog.exe file and library.zip archive described above: - Origin: trilog.exe - Result: script_test.py - Method: N/A

FEATURES

ALTERNATIVES

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

OCaml wrapper for YARA matching engine for malware identification

Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.

A modified version of Cuckoo Sandbox with enhanced features and capabilities.

A deserialization payload generator for .NET formatters

A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

Java decompiler GUI tool for Procyon under Apache License.