CERT-Polska / ursadb
Trigram database written in C++, suited for malware indexing
☆123Updated last year
Related projects: ⓘ
- Generating YARA rules based on binary code☆198Updated 2 years ago
- Automatically generate AV byte signatures from sets of similar binaries.☆256Updated 7 months ago
- Various Yara signatures (possibly to be included in a release later).☆83Updated 5 years ago
- A Yara rule generator for finding related samples and hunting☆155Updated 2 years ago
- Parsing of YARA rules into AST and building new rulesets in C++.☆115Updated 2 weeks ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified…☆72Updated 2 years ago
- A mapping of used malware names to commonly known family names☆61Updated last year
- Automatic YARA rule generation for Malpedia☆152Updated 2 years ago
- Parse YARA rules and operate over them more easily.☆172Updated 2 months ago
- Alternative YARA scanning engine☆66Updated 2 years ago
- ☆80Updated 4 years ago
- zer0m0n driver for cuckoo sandbox☆87Updated 8 years ago
- Tools for parsing rulesets using the exact grammar as YARA. Written in Go.☆80Updated last year
- A VBA parser and emulation engine to analyze malicious macros.☆90Updated this week
- This project aims at simplifying Windows API import recovery on arbitrary memory dumps☆239Updated last year
- A taxonomy and dictionary of malware behaviors.☆42Updated 5 years ago
- Set of Yara rules for finding files using magics headers☆134Updated 4 years ago
- ☆57Updated 3 years ago
- Symbol hash for ELF files☆100Updated 2 years ago
- Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.☆82Updated 9 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆70Updated last month
- List of tools to assist in analyzing samples of ISFB/Gozi/Ursnif☆15Updated 5 years ago
- Malware similarity platform with modularity in mind.☆75Updated 3 years ago
- unXOR will search a XORed file and try to guess the key using known-plaintext attacks.☆141Updated 4 years ago
- Creating function call graphs based on radare2 framwork, plot fancy graphs and extract behavior indicators☆85Updated 7 years ago
- ☆121Updated 2 years ago
- BASS - BASS Automated Signature Synthesizer☆172Updated 6 years ago
- Automated malware unpacker☆118Updated 8 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆128Updated last year
- MWDB exercises☆19Updated 3 months ago