Telekom Security Malware Analysis Repository

A disassembly framework with support for multiple hardware architectures and clean API.

This Repository Contains Scripts, Signatures, and IOCs from Our Blog Posts

This repository contains scripts, signatures, and additional Indicators of Compromise (IOCs) from our blog posts on the telekom.com blog, as well as from our Twitter account. Here are some notable entries: 2021-05-17: Let’s set ice on fire: Hunting and detecting IcedID infections (IcedID) 2021-07-14: LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators (CryLock) 2021-09-14: Flubot's Smishing Campaigns under the Microscope (Flubot/Teabot) 2021-10-29: #YARA rule for hunting XOR encrypted #PlugX / #Korplug payloads (PlugX) 2022-01-14: #100DaysOfYara Detect Hacktools that modify RDP settings (Hacktools) 2022-03-11: SystemBC YARA rule and extractor (SystemBC) 2022-03-18: #100DaysOfYara Detect Vatet Loader in backdoored Rufus ([Defray777])(https://github.com/telekom-security/malware_analysis/tree/main/defray777) 2022-09-02: Raspberry Robin (IOCs)

Other AI Tools

Proxmark 3

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.

Details

Preparing for Red Team at PRCCDC 2015

Emulates Docker HTTP API with event logging and AWS deployment script.

Details

Practical Guide to NTLM Relaying in 2017

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details

Project Zero iPhone Messaging Tools

MiniCPS is a framework for Cyber-Physical Systems real-time simulation with support for physical process and control devices simulation, and network emulation.

Details

Projectdiscovery.io | Chaos

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details