ioc_writer by mandiant

None

updated at Aug. 18, 2024, 4:42 p.m.

40 +0

200 +0

61 +0

mnemosyne by johnnykv

Normalizer for honeypot data.

updated at Sept. 1, 2024, 3:48 p.m.

8 +0

45 +0

39 +0

PyIOCe by pidydx

Python OpenIOC Editor

updated at Sept. 6, 2024, 1:49 p.m.

3 +0

17 +0

7 +0

generic-parser by uppusaikiran

A Single Library Parser to extract meta information,static analysis and detect macros within the files.

updated at Sept. 6, 2024, 1:52 p.m.

1 +0

1 +0

0 +0

Malfunction by Dynetics

Malware Analysis Tool using Function Level Fuzzy Hashing

updated at Sept. 6, 2024, 1:52 p.m.

26 +0

191 +0

35 +0

packerid by sooshie

None

updated at Sept. 6, 2024, 1:53 p.m.

5 +0

42 +0

9 +0

yara-finder by uppusaikiran

Simple tool to find the yara matches on a file

updated at Sept. 6, 2024, 1:53 p.m.

1 +0

1 +0

0 +0

malpdfobj by 9b

Builds json representation of PDF malware sample

updated at Sept. 6, 2024, 2:23 p.m.

8 +0

52 +0

16 +0

pdfxray_lite by 9b

Lite version of PDF X-RAY that uses no backend

updated at Sept. 6, 2024, 2:23 p.m.

7 +0

35 +0

9 +0

ROPMEMU by Cisco-Talos

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

updated at Sept. 6, 2024, 2:50 p.m.

32 +0

284 +0

42 +0

DAMM by 504ensicsLabs

Differential Analysis of Malware in Memory

updated at Sept. 6, 2024, 3:06 p.m.

31 +0

209 +0

48 +0

muninn by ytisf

A short and small memory forensics helper.

updated at Sept. 6, 2024, 3:06 p.m.

11 +0

52 +0

9 +0

TotalRecall by sketchymoose

Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.

updated at Sept. 6, 2024, 3:07 p.m.

14 +0

49 +0

9 +0

CryptoKnight by AbertayMachineLearningGroup

Cryptographic Dataset Generation & Modelling Framework

updated at Sept. 6, 2024, 3:08 p.m.

6 +0

38 +0

12 +0

malware-organiser by uppusaikiran

A simple tool to organise large malicious/benign files into a organised Structure.

updated at Sept. 6, 2024, 3:09 p.m.

1 +0

1 +0

0 +0

python-icap-yara by RamadhanAmizudin

An ICAP Server with yara scanner for URL and content.

updated at Sept. 24, 2024, 6:46 p.m.

6 +0

57 +0

13 +0

python-evt by williballenthin

Pure Python parser for classic Windows Event Log files (.evt)

updated at Sept. 24, 2024, 6:49 p.m.

6 +0

48 +0

11 +0

sflock by hatching

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

updated at Sept. 24, 2024, 6:52 p.m.

12 +0

83 +0

46 +0

MalPipe by silascutler

Malware/IOC ingestion and processing engine

updated at Oct. 1, 2024, 7:29 p.m.

11 +0

103 +0

24 +0

malwarehouse by sroberts

A warehouse for your malware

updated at Oct. 3, 2024, 5:11 a.m.

22 +0

133 +0

43 +0