A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
This Yara generator utilizes VirusTotal's 'code-similar-to:' beta search modifier to extract code blocks from PE files and automatically generate a Yara signature, allowing for the hunting of similar APT samples with refined results using Kaspersky KTAE. It requires a VirusTotal Enterprise API key, Python 2/3, requests, and json. The tool accepts a PE file hash, queries VirusTotal for files sharing code blocks, and post-processes the results based on user-defined code block length and similarity score thresholds. It then collects code blocks, their offset, and filesize from each file to determine the file size range for the Yara rule, ranking the most popular code blocks for user selection.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
Generate Bro intel files from PDF or HTML reports.
Tool for data visualization and statistical analysis of threat intelligence feeds, presented at cybersecurity conferences, for measuring the IQ of threat intelligence feeds.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
A serverless application for creating and monitoring URL tokens with threat intelligence and customizable alerts.