A tool to help malware analysts signature unique parts of RTF documents
☆28Jan 5, 2026Updated last month
Alternatives and similar repositories for rtfsig
Users that are interested in rtfsig are comparing it to the libraries listed below
Sorting:
- Python 3 library to build YARA rules.☆13Oct 24, 2021Updated 4 years ago
- Steezy - Ghetto Yara Generation☆15Mar 27, 2023Updated 2 years ago
- Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".☆14Jul 12, 2021Updated 4 years ago
- Utility to scrape pastebin's incoming feed for known malware techniques☆20Feb 4, 2020Updated 6 years ago
- command line tool to use the DNSDB Flexible Search API extensions.☆16Aug 5, 2024Updated last year
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆29Jun 11, 2020Updated 5 years ago
- ☆98Oct 7, 2020Updated 5 years ago
- Collection of my own detection rules☆20Jan 6, 2026Updated last month
- A Maltego transform for VirusTotal vHash☆32Oct 12, 2019Updated 6 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.☆12Jun 18, 2021Updated 4 years ago
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Sep 26, 2017Updated 8 years ago
- YARA Language Server☆74Feb 3, 2026Updated last month
- A Simple CLI App to mark all EXCEL sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible")☆11Apr 16, 2020Updated 5 years ago
- Passive DNS server interface compliant to "Common Output Format"☆10Sep 19, 2016Updated 9 years ago
- Provides a multi-platform Graphical User Interface for hashlookup☆12Jul 12, 2024Updated last year
- ☆13Jul 14, 2020Updated 5 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Sep 17, 2019Updated 6 years ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆111Apr 20, 2021Updated 4 years ago
- Command line tool for scanning streams within office documents plus xor db attack☆127Sep 23, 2023Updated 2 years ago
- Generate YARA rules for OOXML documents.☆38Jun 1, 2023Updated 2 years ago
- Yet another rule generator for Yara☆29Jun 6, 2025Updated 8 months ago
- Extracts indicators of compromise (IOCs), including domain names, IPv4 addresses, email addresses, and hashes, from text.☆11Dec 10, 2017Updated 8 years ago
- Simple Distributed IOC Scanner☆12Jul 27, 2015Updated 10 years ago
- ☆11Mar 12, 2021Updated 4 years ago
- A collection of my public YARA signatures for various malware families☆30Sep 20, 2024Updated last year
- Alphanumeric Encoder☆25Oct 10, 2018Updated 7 years ago
- IOCs for CRASHOVERRIDE malware framework☆27Jun 15, 2017Updated 8 years ago
- ☆27Aug 25, 2020Updated 5 years ago
- Exploits for YARA 3.7.1 & 3.8.1☆32Dec 20, 2018Updated 7 years ago
- Scan outlook inbox with yara rules,APIs and IOCs☆14Aug 3, 2018Updated 7 years ago
- Malice Office/OLE/RTF Plugin☆13Aug 29, 2018Updated 7 years ago
- My collection of scripts for Ghidra (https://github.com/NationalSecurityAgency/ghidra)☆10Sep 13, 2020Updated 5 years ago
- Minimal Indicator Storage System☆11Feb 8, 2021Updated 5 years ago
- Plugins for the Viper Framework☆14Sep 21, 2019Updated 6 years ago
- Automatic YARA rule generation for Malpedia☆168Sep 8, 2022Updated 3 years ago
- ☆15Jun 5, 2019Updated 6 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- suspect is a simple bash triage tool☆19Aug 30, 2018Updated 7 years ago