Simone Berni

Results 14 issues of Simone Berni

Hi guys! **Is your feature request related to a problem? Please describe.** Right now I don't think that is possible in a clear way to specify a group of...

## Name Opensource Yara Rules made by elasticTeam ## Link https://github.com/elastic/protections-artifacts/tree/main/yara/rules ## Type of analyzer **this can be observable, file, and docker** File ## Why should we use it ##...

new_analyzer
beginner-friendly

We can retrieve more information about the infrastructure behind a domain using [WAD](https://github.com/CERN-CERT/WAD). Since it is actually contacting the domain, we should add the `leak_info` flag in the configuration.

new_analyzer

Right now IntelOwl saves a file _for every job_. Meaning that, if the same file is analyzed more than once, we are wasting disk space. We can create another model,...

bug
backend_simple
stale

Hi guys! I have absolutely no idea if you even would consider this use case that at my Organization we were facing, but let me try anyway. We are currently...

Hi, I have inserted XlmMacroDeobfuscator inside IntelOwl (https://github.com/intelowlproject/IntelOwl/pull/196) to have a better understanding of the malware campaigns that are running these days in Italy. To have a report, I'm abusing...

enhancement

Using binee to test the malware with md5 `dcb14f117a32b786ff1506dc80f23370`, the execution crashed with the following error:

```
[1] 0x212fc5d0: F kernel32.dll:GetSystemTimeAsFileTime(lpSystemTimeAsFileTime = 0xb7feffec) = 0xb7feffec
[1] 0x21303350: P kernel32.dll:GetCurrentProcessId() =...
```

I know it's a pay-for-use feature of Atlas, but since a lot of new projects are starting to use that, I think that is reasonable (not considering the hard work...

enhancement

Hi guys! I was using pyelftools to analyze some malware and I encountered an error with some ARM samples: - 56bebd4b9558bb9f539022bd2c5e40aecfa8d59c09784de61d1ba92766e2a30b - 2e5d2159b8a118f7a6a37ab28d1105b56021e46318193c1ef7cb41c5f4555896 The samples are present on both VirusTotal...

## What happened Bring up application, the environment key of Analyzer X is not set Check that X is not configured on the GUI Bring down the application Add the...

bug