Thursday, September 30, 2021

Verifying a suspicious sample against VirusTotal by hash lookup (without uploading the file), as a complement to YARA scanning.

1) Open a command prompt (CMD), change to the suspicious sample's folder, and run:

> certutil -hashfile suspicious_file.exe MD5

> certutil -hashfile suspicious_file.exe SHA256


2) Record the hashes shown in the output of those two commands above.


3) Open a web browser, go to https://www.virustotal.com/gui/home/search, and search for each of the hashes. A hit means VirusTotal has already seen an identical file and shows its existing report; no result only means that exact file is unknown to VirusTotal, not that it is clean. Searching by hash keeps the sample itself on your machine, whereas uploading it shares the file with VirusTotal and its partners.
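The same procedure as a script, added here as an example rather than taken from the post: it streams each file through MD5 and SHA-256 the way certutil does, reports the digests in lowercase hex, and builds the VirusTotal lookup URLs so no sample is uploaded. The `/gui/search/<hash>` and `/gui/file/<sha256>` URL forms are assumed from VirusTotal's public web interface; the sample files are constructed in a temporary folder purely for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 is the identifier VirusTotal keys file reports on; MD5 is kept
# because older reports and many IOC feeds still list it.
ALGORITHMS = ("md5", "sha256")


def _hash_chunks(chunks, algorithms=ALGORITHMS):
    """Feed an iterable of byte chunks through every requested digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Digests of an in-memory blob, {algorithm: lowercase hex}."""
    return _hash_chunks([data], algorithms)


def file_hashes(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so a large sample is never
    loaded into memory at once (equivalent to `certutil -hashfile`)."""
    with open(path, "rb") as fh:
        return _hash_chunks(iter(lambda: fh.read(chunk_size), b""), algorithms)


def virustotal_urls(sha256):
    """Lookup URLs for the web UI (assumed URL scheme, see lead-in).
    Visiting these queries VirusTotal by hash only; nothing is uploaded."""
    return {
        "search": f"https://www.virustotal.com/gui/search/{sha256}",
        "file": f"https://www.virustotal.com/gui/file/{sha256}",
    }


def hash_folder(folder):
    """certutil-style report for every regular file directly in `folder`."""
    report = {}
    for entry in sorted(Path(folder).iterdir()):
        if entry.is_file():
            report[entry.name] = file_hashes(entry)
    return report


def demo_report():
    """Constructed data: two harmless files in a temp folder stand in for
    the suspicious samples. Returns {filename: {algorithm: hexdigest}}."""
    with tempfile.TemporaryDirectory() as folder:
        Path(folder, "sample_a.bin").write_bytes(b"hello")
        Path(folder, "sample_b.bin").write_bytes(b"")
        return hash_folder(folder)


if __name__ == "__main__":
    for name, digests in demo_report().items():
        print(f"== {name}")
        for algorithm, hexdigest in digests.items():
            print(f"{algorithm.upper()}: {hexdigest}")
        for label, url in virustotal_urls(digests["sha256"]).items():
            print(f"{label}: {url}")
```

Paste the SHA-256 into the search box (or open the `file` URL directly); if VirusTotal has never seen that exact file you get no report, which says nothing about whether it is malicious.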

Wednesday, September 29, 2021

[YARA] Yara Rulesets

https://github.com/Yara-Rules/rules

https://github.com/advanced-threat-research/Yara-Rules

https://github.com/reversinglabs/reversinglabs-yara-rules

https://github.com/bartblaze/Yara-rules/tree/master/rules



More rulesets are listed at https://github.com/InQuest/awesome-yara#rules