R3MRUM / loki-parse
A Python script that detects and parses network traffic generated by Loki-Bot (malware). It is aimed at DFIR analysts and security researchers who want to know what data is being exfiltrated to the C2, to track infected bots, and so on.
13 stars, updated 3 years ago
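To show the kind of check such a parser performs, here is an added example that is not code from the loki-parse project: it dissects raw HTTP requests and flags those that look like a Loki-Bot beacon. The two indicators it keys on (the hard-coded `User-Agent` string `Mozilla/4.08 (Charon; Inferno)` and the custom `Content-Key` header carrying 8 hex digits) are assumptions taken from public Loki-Bot write-ups, not from this page; the gate path, host names and request bodies are constructed samples, not captured traffic.

```python
"""Detect Loki-Bot style HTTP beacons in raw request bytes.

Added example; this is not code from the loki-parse project. The two indicators
used below (the User-Agent string and the custom Content-Key header) are
assumptions drawn from public Loki-Bot analyses, not from this page, and the
sample requests are constructed for the demonstration.
"""
import re
from dataclasses import dataclass, field

# Assumed indicators (from public Loki-Bot analyses, not from this page).
LOKI_USER_AGENT = "Mozilla/4.08 (Charon; Inferno)"
CONTENT_KEY_RE = re.compile(r"^[0-9A-Fa-f]{8}$")  # 8 hex digits


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict = field(default_factory=dict)  # header names lower-cased
    body: bytes = b""


def parse_http_request(raw: bytes) -> HttpRequest:
    """Minimal HTTP/1.x request parser: request line, headers, then body.

    The body is cut at Content-Length when that header is present, so bytes
    that follow the request in a reassembled stream are not attributed to it.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return HttpRequest(method, path, headers, body)


def is_loki_beacon(req: HttpRequest) -> bool:
    """True for a POST that carries both assumed indicators at once."""
    if req.method != "POST":
        return False
    ua = req.headers.get("user-agent", "")
    key = req.headers.get("content-key", "")
    return ua == LOKI_USER_AGENT and CONTENT_KEY_RE.match(key) is not None


def summarize(req: HttpRequest) -> dict:
    """What an analyst wants from a flagged beacon: gate URL, key, payload size."""
    return {
        "gate": "http://%s%s" % (req.headers.get("host", "?"), req.path),
        "content_key": req.headers.get("content-key"),
        "body_bytes": len(req.body),
    }


def scan(requests):
    """Parse each raw request and return summaries of those flagged as Loki-Bot."""
    hits = []
    for raw in requests:
        try:
            req = parse_http_request(raw)
        except ValueError:
            continue  # fragment: a real tool would reassemble the stream first
        if is_loki_beacon(req):
            hits.append(summarize(req))
    return hits


# Constructed samples (not captured traffic). The beacon body is opaque filler
# followed by junk that Content-Length should exclude.
SAMPLE_BEACON = (
    b"POST /gate/fre.php HTTP/1.0\r\n"
    b"User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    b"Host: c2.example.invalid\r\n"
    b"Accept: */*\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Encoding: binary\r\n"
    b"Content-Key: 1A2B3C4D\r\n"
    b"Content-Length: 16\r\n"
    b"Connection: close\r\n\r\n"
    + bytes(range(16)) + b"TRAILING-JUNK"
)
SAMPLE_BENIGN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.invalid\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 13\r\n\r\n"
    b"user=a&pass=b"
)

if __name__ == "__main__":
    for hit in scan([SAMPLE_BEACON, SAMPLE_BENIGN]):
        print(hit)
```

Requiring both indicators together keeps false positives down: a stray `Content-Key` header or an unusual User-Agent on its own is not enough. Feeding the scanner real traffic means reassembling TCP streams first (for example with a pcap library); the parser above deliberately skips anything that is not a complete request.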
Alternatives and similar repositories for loki-parse
Users interested in loki-parse are comparing it to the repositories listed below.
- A modified version based on Tracecorn (20 stars, updated 5 years ago)
- Script for extracting DDE from docx and xlsx files (12 stars, updated 7 years ago)
- Shows command lines used by the latest instances analyzed on Hybrid-Analysis (43 stars, updated 6 years ago)
- Royal APT (APT15) related information from NCC Group Cyber Defense Operations Research (53 stars, updated 7 years ago)
- IDA Pro plugin that renames functions on load, based on functionality (19 stars, updated 7 years ago)
- Work fast with the pattern matching swiss knife for malware researchers (38 stars, updated 9 years ago)
- CVE-2016-0040 privilege escalation exploit for the WMI Receive Notification vulnerability (x86-64) (14 stars, updated 7 years ago)
- Analyze a PE file or shellcode (49 stars, updated 8 years ago)
- A Maltego transform for VirusTotal Submitter Information (35 stars, updated 6 years ago)
- API functions for malware research (35 stars, updated 5 years ago)
- Collection of my Python scripts (41 stars, updated 4 years ago)
- Handy scripts to speed up malware analysis (35 stars, updated last year)
- TA505 unpacker, Python 2.7 (47 stars, updated 5 years ago)
- Malware.lu configuration extractor (25 stars, updated 11 years ago)
- Various snippets created during malware analysis (22 stars, updated 7 years ago)
- Process HTTP pcaps with YARA (103 stars, updated 11 years ago)
- Yaras Random (20 stars, updated 6 years ago)
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans (41 stars, updated 6 years ago)
- Hansel, a simple but flexible search for IDA (26 stars, updated 5 years ago)
- API Tracker by Cysinfo Team (22 stars, updated 8 years ago)
- (no description; 22 stars, updated 7 years ago)
- Python-based module to find common vulnerabilities that lead to Windows privilege escalation (32 stars, updated 8 years ago)
- Use bitsadmin to maintain persistence and bypass Autoruns (66 stars, updated 7 years ago)
- (no description; 51 stars, updated 8 years ago)
- Hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripting languages such as PowerShell, VBA and JavaScript. Curre… (40 stars, updated 5 years ago)
- (no description; 43 stars, updated 6 years ago)
- Resolves DLL API entry points for a process, with remote query capabilities (55 stars, updated 8 years ago)
- A collection of YARA signatures that I have found around the web (11 stars, updated 9 years ago)
- Telsy CTI Research Team (57 stars, updated 4 years ago)
- Modified edition of Cuckoo community modules (32 stars, updated 5 years ago)