ITAYC0HEN / APT-Ecosystem
This repository contains the website and the tools which are part of the joint research between Check Point Research and Intezer to map the connections inside the APT Ecosystem of Russia.
☆108 · Updated 4 years ago

Related projects:
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆253 · Updated 5 years ago
- Allows you to quickly query a Windows machine for RAM artifacts ☆218 · Updated 4 years ago
- ☆134 · Updated 5 years ago
- A Yara rule generator for finding related samples and hunting ☆155 · Updated 2 years ago
- ☆237 · Updated this week
- snake - a malware storage zoo ☆217 · Updated last year
- ☆95 · Updated 3 years ago
- Miscellaneous Malware RE ☆195 · Updated 2 years ago
- A tool for de-obfuscating PowerShell scripts ☆65 · Updated 5 years ago
- Malware Sinkhole List in various formats ☆102 · Updated 2 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆78 · Updated 3 years ago
- Static based decoders for malware samples ☆93 · Updated 4 years ago
- Cuckoo running in a nested hypervisor ☆128 · Updated 4 years ago
- Automated Tactics Techniques & Procedures ☆251 · Updated last year
- Django web interface for managing Yara rules ☆189 · Updated 6 years ago
- Telsy CTI Research Team ☆57 · Updated 3 years ago
- Lazy Office Analyzer ☆118 · Updated 7 years ago
- Log newly created WMI consumers and processes to the Windows Application event log ☆123 · Updated 6 years ago
- A repo to document API functions mapped to security events across diverse platforms ☆74 · Updated 4 years ago
- Toolset for research malware and Cobalt Strike beacons ☆205 · Updated last year
- Automatic YARA rule generation for Malpedia ☆152 · Updated 2 years ago
- A collection of infosec related scripts and information. ☆53 · Updated last week
- A VBA parser and emulation engine to analyze malicious macros. ☆90 · Updated this week
- A mapping of used malware names to commonly known family names ☆61 · Updated last year
- SysmonX - An Augmented Drop-In Replacement of Sysmon ☆206 · Updated 5 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆114 · Updated 3 years ago
- ☆121 · Updated 2 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆128 · Updated last year
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆94 · Updated 3 months ago
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici… ☆80 · Updated 6 years ago