# [X] Reading from file | |
# [X] Splitting word by word | |
# [X] Split ascii and unicode | |
# [X] Determine a range and apply filter | |
# [X] Collect all the unique ones in an array | |
# [X] Create random english words for them | |
# [X] Create an updated file | |
# [ ] Work with folder and file as an input | |
#!/usr/bin/python |
#!/usr/bin/python | |
import os | |
import logging | |
whitelist = [] | |
def banner(): | |
print("") | |
print(" ___ ___ _ _ ") |
# LS19 Zararlı Yazılım Analiz Ekibi | |
# Analiz Rapor Formatı | |
# | |
# Değer bölümünde | karakteri bulunan anahtarlara, çoklu girdi sağlayabilirsiniz. | |
# | |
# Örn: | |
# key: | | |
# First Value | |
# Second Value | |
# |
#!/usr/bin/python | |
import sys | |
import binascii | |
import struct | |
array = [] | |
# Hard coded XOR key | |
xorKey = [0x2d, 0x30, 0x71, 0x1b, 0x07, 0x0f, 0x43, 0x2d, 0x56, 0x2a] | |
# Sample encrypted string |
Private Sub Execute() | |
Dim Path As String | |
Dim FileNum As Long | |
Dim xml() As Byte | |
Dim bin() As Byte | |
Const HIDDEN_WINDOW = 12 | |
strComputer = "." | |
xml = ActiveDocument.WordOpenXML | |
Set xmlParser = CreateObject("Msxml2.DOMDocument") |
#!/usr/bin/python | |
import sys | |
import binascii | |
array = [] | |
xoredArray = [] | |
# Hard coded XOR key | |
xorKey = ['0x56', '0xd7', 'a7', '0a'] |
rule SedUploader { | |
meta: | |
author = "Mert Degirmenci" | |
description = "APT28 SedUploader variant" | |
date = "15.04.2019" | |
hash1 = "b20aab629ea7fa73b98be9f3df1568c0a3b37480" | |
strings: | |
// google.com |
f sus.copyToBuffer 0 0x100030df | |
f sus.lengthAsByte 0 0x10002b99 | |
f sus.internetReadFile_caller 0 0x10003621 | |
f sus.createMutex 0 0x10002cfc | |
f sus.mainRoutine 0 0x10005b94 | |
f sus.decrypterFunc 0 0x10002f3f | |
f sus.heapFree_un 0 0x10003f83 | |
f sus.multiByteToWideChar_caller 0 0x1000369a | |
f sus.base64Decode 0 0x10002d4b | |
f sus.base64Encode 0 0x10002d8f |
#!/usr/bin/python | |
import sys | |
import struct | |
import re | |
from rijndael.cipher.crypt import new | |
from rijndael.cipher.blockcipher import MODE_CBC | |
encValues = [] | |
def readValues(): |
#!/usr/bin/python | |
import r2pipe | |
file = open('importsNtdll', 'r') | |
#file = open('importsKernel32', 'r') | |
imports = file.read() | |
file.close() | |
imports = imports.split('\n') | |
file = open('hashes', 'r') |