{"id":13705818,"url":"https://github.com/telekom-security/malware_analysis","last_synced_at":"2025-04-13T00:31:33.088Z","repository":{"id":43261118,"uuid":"365242455","full_name":"telekom-security/malware_analysis","owner":"telekom-security","description":"This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.","archived":false,"fork":false,"pushed_at":"2023-12-13T11:54:24.000Z","size":67,"stargazers_count":114,"open_issues_count":2,"forks_count":16,"subscribers_count":13,"default_branch":"main","last_synced_at":"2025-03-26T18:52:38.823Z","etag":null,"topics":["cti","malware","malware-analysis","malware-research","reverse-engineering"],"latest_commit_sha":null,"homepage":"https://www.telekom.com/en/blog","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/telekom-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-05-07T13:28:34.000Z","updated_at":"2025-03-25T08:48:10.000Z","dependencies_parsed_at":"2023-12-13T13:00:00.896Z","dependency_job_id":null,"html_url":"https://github.com/telekom-security/malware_analysis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telekom-security%2Fmalware_analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telekom-security%2Fmalware_analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telekom-security%2Fmalware_analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telekom-security%2Fmalware_analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/telekom-security","download_url":"https://codeload.github.com/telekom-security/malware_analysis/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248650590,"owners_count":21139670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cti","malware","malware-analysis","malware-research","reverse-engineering"],"created_at":"2024-08-02T22:00:48.406Z","updated_at":"2025-04-13T00:31:32.720Z","avatar_url":"https://github.com/telekom-security.png","language":"Python","funding_links":[],"categories":["Rules"],"sub_categories":[],"readme":"# Telekom Security Malware Analysis Repository\r\n\r\nThis repository comprises scripts, signatures, and additional IOCs of our blog posts at the [telekom.com blog](https://www.telekom.com/en/blog) as well as of our [Twitter account](https://twitter.com/DTCERT).\r\n\r\n- 2021-05-17: [Let’s set ice on fire: Hunting and detecting IcedID infections](https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240) ([IcedID](https://github.com/telekom-security/malware_analysis/tree/main/icedid))\r\n- 2021-07-14: [LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators](https://www.telekom.com/en/blog/group/article/lockdata-auction-631300) ([CryLock](https://github.com/telekom-security/malware_analysis/tree/main/crylock))\r\n- 2021-09-14: [Flubot's Smishing Campaigns under the Microscope](https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368) ([Flubot/Teabot](https://github.com/telekom-security/malware_analysis/tree/main/flubot))\r\n- 2021-10-29: [#YARA rule for hunting XOR encrypted #PlugX / #Korplug payloads](https://twitter.com/DTCERT/status/1454022175254618114?s=20) ([PlugX](https://github.com/telekom-security/malware_analysis/tree/main/plugx))\r\n- 2022-01-14: [#100DaysOfYara Detect Hacktools that modify RDP settings](https://twitter.com/DTCERT/status/1481925582019571712?s=20) ([Hacktools](https://github.com/telekom-security/malware_analysis/tree/main/hacktools))\r\n- 2022-03-11: [SystemBC YARA rule and extractor](https://twitter.com/DTCERT/status/1502214236268900354) ([SystemBC](https://github.com/telekom-security/malware_analysis/tree/main/systembc))\r\n- 2022-03-18: [#100DaysOfYara Detect Vatet Loader in backdoored Rufus](https://twitter.com/DTCERT/status/1504778715913408512) ([Defray777](https://github.com/telekom-security/malware_analysis/tree/main/defray777))\r\n- 2022-09-02: [Raspberry Robin](https://twitter.com/DTCERT/status/1565664874633564162) ([IOCs](https://github.com/telekom-security/malware_analysis/tree/main/raspberry_robin))\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelekom-security%2Fmalware_analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelekom-security%2Fmalware_analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelekom-security%2Fmalware_analysis/lists"}