telekom-security / malware_analysis Public

Notifications You must be signed in to change notification settings
Fork 16
Star 108

This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.

www.telekom.com/en/blog

108 stars 16 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
crylock		crylock
darkgate		darkgate
defray777		defray777
flubot		flubot
hacktools		hacktools
icedid		icedid
plugx		plugx
raspberry_robin		raspberry_robin
systembc		systembc
.gitignore		.gitignore
README.md		README.md

Repository files navigation

Telekom Security Malware Analysis Repository

This repository comprises scripts, signatures, and additional IOCs of our blog posts at the telekom.com blog as well as of our Twitter account.

2021-05-17: Let’s set ice on fire: Hunting and detecting IcedID infections (IcedID)
2021-07-14: LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators (CryLock)
2021-09-14: Flubot's Smishing Campaigns under the Microscope (Flubot/Teabot)
2021-10-29: #YARA rule for hunting XOR encrypted #PlugX / #Korplug payloads(PlugX)
2022-01-14: #100DaysOfYara Detect Hacktools that modify RDP settings (Hacktools)
2022-03-11: SystemBC YARA rule and extractor (SystemBC)
2022-03-18: #100DaysOfYara Detect Vatet Loader in backedoored Rufus([Defray777])(https://github.com/telekom-security/malware_analysis/tree/main/defray777)
2022-09-02: Raspberry Robin(IOCs)

About

This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.

www.telekom.com/en/blog

reverse-engineering malware malware-analysis malware-research cti

Custom properties

Report repository

Contributors 5

Languages