
Audit Node Modules With YARA Rules
Tags: Threat Defense, Vulnerability Management
The Purpose of This Tool for Analyzing Node Modules
The purpose of this tool is to execute a specified set of YARA rules against the provided `node_modules` folder. With this approach, we can write YARA rules that flag suspicious scripts injected into npm packages, such as install hooks that fetch and execute remote code or heavily obfuscated JavaScript.
This tool is primarily inspired by the following articles: Malicious packages in npm, Malicious NPM packages target Amazon, Slack with new dependency attacks, and Hunting malicious NPM packages.
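As an added example (not rules shipped with this repository), the following YARA file shows the kind of signatures the tool would run over `node_modules`: one rule flags `package.json` lifecycle hooks that pipe a download into a shell or node, and one flags JavaScript that combines dense hex-escaped strings with dynamic code execution. Rule names, thresholds and the `rules.yar` filename are assumptions.

```yara
/*
  Added example rules, not part of the repository.
  Usage (assumed): yara -r rules.yar node_modules/
*/

rule npm_install_hook_fetches_remote_code
{
    meta:
        description = "package.json lifecycle hook downloads content and pipes it into a shell or node"
        author      = "added example"
    strings:
        // lifecycle hooks that run automatically on `npm install`
        $hook_pre   = "\"preinstall\"" ascii
        $hook_post  = "\"postinstall\"" ascii
        $hook_inst  = "\"install\"" ascii
        // download primitives
        $fetch_curl = "curl " ascii
        $fetch_wget = "wget " ascii
        // pipe into an interpreter
        $exec_sh    = /\|\s*(ba)?sh\b/
        $exec_node  = /\|\s*node\b/
    condition:
        filesize < 200KB and
        1 of ($hook_*) and
        1 of ($fetch_*) and
        1 of ($exec_*)
}

rule npm_js_obfuscated_dynamic_eval
{
    meta:
        description = "JavaScript with many hex-escaped string literals plus eval-style execution"
        author      = "added example"
    strings:
        // literal "\xNN" escapes; obfuscators emit hundreds of them
        $hex_escape = /\\x[0-9a-fA-F]{2}/
        $eval       = "eval(" ascii
        $fn_ctor    = "Function(" ascii
        $from_cc    = "fromCharCode" ascii
    condition:
        filesize < 2MB and
        #hex_escape > 200 and   // threshold is an assumption; tune against your tree
        1 of ($eval, $fn_ctor, $from_cc)
}
```

Expect hits on legitimately minified packages as well; treat matches as triage leads for the report in `artifacts/output.json`, not as verdicts.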
Integrating This Package into the CI/CD Pipeline
Software Requirements: Docker, Docker Compose, and `make` (the repository ships a Makefile)
How to Use the Repository
Clone this repository, then run the audit target with the `make` command. The resulting report is written to `artifacts/output.json`.