This YARA generator uses VirusTotal's 'code-similar-to:' beta search modifier to extract code blocks from PE files and automatically generate a YARA signature, so that similar APT samples can be hunted; the results can be refined further with Kaspersky KTAE. It requires a VirusTotal Enterprise API key, Python 2 or 3, and the requests and json modules. The tool accepts a PE file hash, queries VirusTotal for files that share code blocks with it, and post-processes the results using user-defined thresholds for code block length and similarity score. It then collects the code blocks, their offsets, and the file size from each matching file, uses the file sizes to derive the file size range for the YARA rule, and ranks the most popular code blocks for the user to select.