UTC: 2024-01-03 12:01
virtualex-itv/chocolatey-packages
This file is automatically generated by the update_all.ps1 script using the AU module.
Ignored | History | Force Test | [Releases](https:
Albert Zsigovits albertzsigovits
🕹️
albertzsigovits
/ Update-AUPackages.md
Created
January 3, 2024 17:17
— forked from virtualex-itv/Update-AUPackages.md
Update-AUPackages Report #powershell #chocolatey
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Control Flow Flattening | |
| Opaque Predicates | |
| Mixed Boolean Arithmetic | |
| Strings and Code Encryption | |
| Instruction substitution |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export HISTFILE=/dev/null | |
| export HISTSIZE=0 | |
| export HISTFILESIZE=0 | |
| /proc/PID/environ | tr '\0' '\n' | |
| unset HISTFILE | |
| rm $HISTFILE | |
| shred $HISTFILE | |
| rm .bash_history |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Case EXE DLL Date Family Type Country | |
| PoisonIvy RAT hijacking Samsung RunHelp.exe RunHelp.exe ssMUIDLL.dll 2019.01.01 PoisonIvyRAT APT - | |
| Remcos hijacking OpenVPN libcrypto.dll OpenVPNGui.exe libcrypto.dll 2021.03.01 Netwire/Remcos RAT APT - | |
| REvil hijacking MsMpEng.exe/ WinDefender DLL MsMpEng.exe mpsvc.dll 2021.03.31 REvil group Cybercrime - | |
| NGOs are targeted by APT10 with VLC media player side-loading vlc.exe - 2022.02.01 Cicada group APT10 CN | |
| Lockbit ransomware dropping Cobalt-strike w/ DLL-sideloading VMwareXferlogs.exe glib-2.0.dll 2022.04.27 Lockbit group Cybercrime - | |
| PlugX Hijacking Bitdefender AV DLLs bdsrv.exe log.dll 2022.05.02 PlugX/ShadowPad RAT APT CN | |
| Mustang Panda targets EU entities with phishing Acrobat.exe Acrobat.dll 2022.05.05 PlugX/ShadowPad RAT APT CN | |
| Qakbot abusing calc.exe for Sideloading calc.exe WindowsCodecs.dll 2022.07.27 Qakbot trojan Cybercrime - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AV-Comparatives | |
| AVLab | |
| AV-Test | |
| ICSA Labs | |
| MITRE | |
| MRG Effitas | |
| NSS Labs | |
| SecureIQLab | |
| SE Labs | |
| VirusBulletin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _Malware_Template | |
| ATM malware | |
| Backdoors | |
| Banking trojans | |
| Bootkits | |
| Botnets | |
| Crypters | |
| Cryptominers | |
| DOS virus | |
| Downloaders/Loaders/Droppers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Commercial tools: | |
| Cobalt Strike - https://www.cobaltstrike.com/ | |
| Brute Ratel C4 - https://bruteratel.com/ | |
| Nighthawk - https://www.mdsec.co.uk/nighthawk/ | |
| Outflank Security Tooling (OST) - https://outflank.nl/services/outflank-security-tooling/ | |
| Metasploit - https://www.metasploit.com/ | |
| Open-source tools: | |
| Posh C2 - https://github.com/nettitude/PoshC2 | |
| Empire - https://github.com/BC-SECURITY/Empire |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Examined 138 malware family pcaps overall that include some form of C2 communication | |
| - 13/138 malware family only sends HTTP Request Headers in their initial C2 comm, no Request Body | |
| - 125/138 malware family sends some data in their HTTP Request Body | |
| - In the github project (https://github.com/silence-is-best/c2db), we only maintain HTTP Request captures, but had captures for 8 Responses | |
| o (which is a small subset to really draw any conclusion regarding the Response sizes, anyway did some stats on that too) | |
| Content-Lengths: | |
| Minimum HTTP Request Body: 3 bytes | |
| Maximum HTTP Request Body with exfil: 1.2 MB | |
| Maximum HTTP Request Body with no exfil: 214 KB |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub x() | |
| On Error Resume Next | |
| For i = 0 To 100 | |
| If i < 10 Then f = "out\0" & i Else f = "out\" & i | |
| ActiveWorkbook.SaveAs Filename:=f, FileFormat:=i | |
| Next i | |
| End Sub |
albertzsigovits
/ pe-section-xtract.py
Created
August 8, 2023 19:29
Enum PE section names for large collection of malware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pefile | |
| import sys | |
| import os | |
| dir = '/tmp/mlwr' | |
| for dirpath, dirnames, filenames in os.walk(dir): | |
| for filename in filenames: | |
| with open(os.path.join(dir,dirpath,filename), 'rb') as current: | |
| xtract = current.read(2) |
NewerOlder