This YARA generator uses VirusTotal's 'code-similar-to:' beta search modifier to extract code blocks from PE files and automatically generate a YARA signature for hunting similar APT samples, with results refined using Kaspersky KTAE. It requires a VirusTotal Enterprise API key, Python 2/3, requests, and json. The tool accepts a PE file hash, queries VirusTotal for files sharing code blocks, and post-processes the results based on user-defined code block length and similarity score thresholds. It then collects the code blocks, their offsets, and the file size from each file to determine the file size range for the YARA rule, and ranks the most popular code blocks for user selection.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
A tool for extracting IOCs from various input sources and converting them into JSON format.
Provides indicators of compromise (IOCs) to combat malware with YARA and Snort rules.
Maltego transform pack for analyzing and graphing honeypots using MySQL data.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
Intelligence feeds for cybersecurity professionals to stay informed about emerging threats and trends.
LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.
A platform for accessing threat intelligence and collaborating on cyber threats.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.