malware_analysis

This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.

Results 3 malware_analysis issues

Changes that allow it to match on
- small PE files with a few of the strings
- memory (by removing `filesize` restriction)
- reduce the number of strings by...

`Binary.bz.WrappedSetupProgram` is a cab file not a plaintext test sample : 0e01bad874c61d09d09ce06f76f5e46f6648a1fc943644874c8e1a53a93af9a7

Would it make sense to add a little check in https://github.com/telekom-security/malware_analysis/blob/main/plugx/plugx_mustang_panda.yar to not scan Java class files? This rule is very often giving false positives on Java class files. They...