This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extract attachments and URLs (from e-mail body) from Outlook .eml files | |
| # | |
| # 1. dump all mail samples into folder called Mail/ | |
| # 2. create empty folder "Attachments/" | |
| # 3. run tool from root of both folders | |
| import os | |
| import re | |
| from independentsoft.msg import Message | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests | |
| import pandas as pd | |
| df = pd.read_csv("https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/C2_configs/cobaltstrike.csv", usecols=["FirstSeen", "ip"]) | |
| df.drop_duplicates(subset="ip").to_csv("C2_masterlist.csv", index=False) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "pe" | |
| import "hash" | |
| import "math" | |
| import "time" | |
| rule Gootloader_container { | |
| meta: | |
| description = "Gootloader Dropper Container" | |
| author = "Droogy" | |