Deep Instinct

All

27 repositories

DCOMUploadExec
Public
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
C++
•39•289•0•0•Updated Dec 13, 2024Dec 13, 2024
ShimMe
Public
C++
•18•133•2•0•Updated Oct 29, 2024Oct 29, 2024
NoFilter
Public
C
•48•296•2•0•Updated Oct 29, 2024Oct 29, 2024
UAC-0099-Targeting_UA
Public
UAC-0099 is a threat actor that targets Ukraine since mid-2022
1•3•3•0•Updated Dec 21, 2023Dec 21, 2023
Israel-Cyber-Warfare-Threat-Actors
Public
Updated Repository for the Cyber Community Regarding Cyber Threats Affecting Israel
2•10•1•0•Updated Nov 21, 2023Nov 21, 2023
LnkMaker-IOCs
Public
LnkMaker used by APT37 - IOCs
1•1•0•0•Updated Sep 27, 2023Sep 27, 2023
Rusty-Flag-DecryptData
Public
A tool to decrypt the information sent by the Rusty Flag malware to the C2
Rust
•1•1•0•0•Updated Sep 14, 2023Sep 14, 2023
ContainYourself
Public
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
C++
•38•303•1•0•Updated Aug 31, 2023Aug 31, 2023
Storm0978-RomCom-Campaign
Public
Recent Campaign abusing CVE-2023-36884
1•1•0•0•Updated Jul 13, 2023Jul 13, 2023
PhonyC2-MuddyWater-Research
Public
MuddyWater C2 framework research
2•11•0•0•Updated Jun 28, 2023Jun 28, 2023
PindOS-JS-Dropper
Public
JS dropper used recently for Bumblebee and IcedID infection
1•2•0•0•Updated Jun 20, 2023Jun 20, 2023
MOVEit_CVE-2023-34362_IOCs
Public
CVE-2023-34362-IOCs. More information on Deep Instinct's blog site.
2•2•0•0•Updated Jun 6, 2023Jun 6, 2023
Conti-Research
Public
Full details of the research can be found on our blog page
2•1•1•0•Updated May 23, 2023May 23, 2023
Emotet-IOCs
Public
Emotet IOCs of the new wave in 2023
3•2•0•0•Updated Mar 10, 2023Mar 10, 2023
DuckTail_IOCs
Public
DuckTail campaign IOCs
2•1•0•0•Updated Mar 9, 2023Mar 9, 2023
VSTO-POC
Public
A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously
C#
•5•31•0•1•Updated Feb 3, 2023Feb 3, 2023
Lsass-Shtinkering
Public
C++
•41•378•1•2•Updated Jan 19, 2023Jan 19, 2023
RattyConfigExtractor
Public
A python script that extracts the "command & control" server address from Ratty malware
Python
•1•3•0•0•Updated Jan 11, 2023Jan 11, 2023
JAR-Polyglot-POC
Public
A simple PoC of a polyglot HTML + JAR file.
2•6•0•0•Updated Jan 11, 2023Jan 11, 2023
Dirty-Vanity
Public
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
C
•84•625•1•1•Updated Dec 23, 2022Dec 23, 2022
AMSI-Unchained
Public
Unchain AMSI by patching the provider’s unmonitored memory space
PowerShell
•15•88•0•0•Updated Nov 24, 2022Nov 24, 2022
Exceller
Public
Replaces VBA cells function calls with their content, to make the VBA code less obfuscated and easier to detect by AV vendors.
Python
•3•2•0•0•Updated Apr 25, 2022Apr 25, 2022
DeMotet
Public
Unpacking and decryption tools for the Emotet malware
C++
•9•46•0•0•Updated Dec 5, 2021Dec 5, 2021
LsassSilentProcessExit
Public
Command line interface to dump LSASS memory to disk via SilentProcessExit
C++
•60•442•2•0•Updated Dec 23, 2020Dec 23, 2020
dsc_fix
Public
Aids in reverse engineering libraries from dyld_shared_cache in IDA
Python
•
GNU General Public License v3.0
•29•102•3•0•Updated Apr 30, 2017Apr 30, 2017
Mach-O
Public
Python
•
GNU General Public License v3.0
•20•2•0•0•Updated Apr 16, 2017Apr 16, 2017
NSISExtractor
Public
Extract the original ransomware binary from an NSIS installer
C++
•11•12•0•0•Updated Mar 22, 2017Mar 22, 2017