R3MRUM / loki-parse
A python script that can detect and parse loki-bot (malware) related network traffic. This script can be helpful to DFIR analysts and security researchers who want to know what data is being exfiltrated to the C2, bot tracking, etc...
☆13Updated 3 years ago
Alternatives and similar repositories for loki-parse:
Users that are interested in loki-parse are comparing it to the libraries listed below
- This script is used for extracting DDE in docx and xlsx☆12Updated 7 years ago
- A Maltego transform for VirusTotal Submitter Information☆32Updated 5 years ago
- Various snippets created during malware analysis☆22Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- a modified version base on Tracecorn☆20Updated 5 years ago
- TA505 unpacker Python 2.7☆47Updated 4 years ago
- Collection of my Python Scripts☆41Updated 4 years ago
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans☆40Updated 6 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- Work Fast With the pattern matching swiss knife for malware researchers.☆36Updated 8 years ago
- ☆22Updated 7 years ago
- Resolves DLL API entrypoints for a process w/ remote query capabilities.☆53Updated 7 years ago
- Python based module to find common vulnerabilities which lead to Windows privilege escalation☆32Updated 8 years ago
- Script to extract malicious payload and decoy document from CVE-2015-1641 exploit documents☆23Updated 8 years ago
- API functions for Malware Research☆35Updated 5 years ago
- Automatically exported from code.google.com/p/malware-lu☆55Updated 5 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 7 years ago
- Analysis PE file or Shellcode☆49Updated 8 years ago
- IDA Pro plugin that rename functions on load, based on functionality☆19Updated 6 years ago
- Making shellcode UD - https://osandamalith.com☆24Updated 8 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 6 years ago
- POSHSPY backdoor code☆43Updated 7 years ago
- Python OpenIOC Editor☆18Updated 9 years ago
- ☆51Updated 7 years ago
- An offensive Powershell console☆30Updated 9 years ago
- Tools to enumerate Windows Firewall Hook Drivers on Windows 2000, XP and 2003☆20Updated 9 years ago