Spyre : Simple YARA-Based IOC Scanner

Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring their own rule sets. The awesome-yara repository gives a good overview of free YARA rule sets …

Fenrir : Simple Bash IOC Scanner

Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): Hashes (MD5, SHA1 and SHA256, using md5sum, sha1sum, sha -a 256); File Names (string, checked for substring of the full path, e.g. “temp/p.exe” in “/var/temp/p.exe”); Strings (grep in files); C2 Server (checking for C2 server strings in ‘lsof …

IOCExtract : Advanced Indicator Of Compromise (IOC) Extractor

IOCExtract is an advanced Indicator of Compromise (IOC) extractor. This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and “defanged” IOCs in the output, and optionally decodes/refangs them. The Problem: It is common practice for malware analysts or endpoint software to “defang” IOCs such …