Ayush Anand Securityinbits
Securityinbits
/ GlueBall_CVE-2020–1464_hash
Last active
August 17, 2020 14:13
Quick analysis of Glueball malware hash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| More details: | |
| https://twitter.com/Securityinbits/status/1295362979358052353 | |
| This hash is from "GlueBall: The story of CVE-2020–1464 post by @TalBeerySec" | |
| https://www.virustotal.com/gui/file/dd71284ac6be9758a5046740168164ae76f743579e24929e0a840afd6f2d0d8e/details | |
| old_august_2018.msi (1b165119c86173b6c2b099ac0cf99107) | |
| contains | |
| only_msi.msi (c972920f2eb2322e7968a9bcee625ff8) --> non-malicious signed file | |
| extracted_MZ.dll (7740a80baf3f88101d26c20047b63972) --> non-malicious file |
Securityinbits
/ gist:5959d0b6a2bdf1e3e5607a2a3803a1b3
Last active
August 16, 2023 11:12
machine_setup_malware_analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| choco install hxd -y | |
| choco install pesieve -y | |
| choco install pebear -y | |
| choco install pestudio -y | |
| choco install wireshark -y | |
| choco install 7zip -y | |
| choco install googlechrome -y |
Securityinbits
/ new_file_hashes_from_kevin.txt
Created
August 21, 2021 02:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://twitter.com/GossiTheDog/status/1428872328566484995 | |
| Related to CVE-2020–1464 | |
| MD5 Sha1 | |
| 4a4ffce2e567f42169d919faec40059c 401d9809dd6c8b5115c214588eae285168b24dc1 | |
| f3c89e7d86353ab08a69851941218442 2584e241c2dbd79a6419c439aa31a2121b17a1c3 | |
| e8679bb6b0044ea12bd134c2369f8338 6300e8b87f660964865b92e64de1d3ad10525743 |
Securityinbits
/ SocGholish_Recipe.txt
Last active
November 13, 2022 06:22
SocGholish decoding CyberChef recipe and hash details
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Src: | |
| https://twitter.com/Securityinbits/status/1434867982426013708 | |
| CyberChef Recipe to decode the JS inline | |
| JavaScript_Beautify('\\t','Auto',true,true) | |
| Subsection('([a-zA-Z0-9+/=]{7,})\'\\)',true,true,false) | |
| From_Base64('A-Za-z0-9+/=',true) | |
| https://gchq.github.io/CyberChef/#recipe=JavaScript_Beautify('%5C%5Ct','Auto',true,true)Subsection('(%5Ba-zA-Z0-9%2B/%3D%5D%7B7,%7D)%5C'%5C%5C)',true,true,false)From_Base64('A-Za-z0-9%2B/%3D',true) | |
| Maliciouc js (Md5: e8f198d71b6363cbba5be4d38b16ec27) |
Securityinbits
/ adaptixC2.yar
Created
September 20, 2025 04:24
AdaptixC2 yara rules from Unit42 blog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule u42_hacktool_beacon_adaptixC2 | |
| { | |
| meta: | |
| description = "Detects AdaptixC2 beacon via basic functions from Unit42" | |
| reference = "https://github.com/Adaptix-Framework/AdaptixC2" | |
| strings: | |
| $FileTimeToUnixTimestamp = {D1 65 F8 83 7D F4 1F 7E 17 8B 55 E4} | |
| $Proxyfire_RecvProxy = {B9 FC FF 0F 00 E8 6A 04 00 00} | |
| $timeCalc1 = {8D 82 A0 05 00 00 89 44 24 3C EB 07} |
Securityinbits
/ adaptix_config_extractor.py
Created
September 20, 2025 04:28
AdaptixC2 config extractor from Unit42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This code was copied from Unit42 Blog | |
| # Source: https://unit42.paloaltonetworks.com/adaptixc2-post-exploitation-framework/ | |
| import json | |
| import struct | |
| import sys | |
| from typing import Any, Dict | |
| from malduck import enhex, int32, procmempe, rc4 | |