Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/navytitanium/eitest-tools-scripts-iocs
https://github.com/navytitanium/eitest-tools-scripts-iocs
eitest-c2 ioc iocs malicious-domains malicious-redirects malicious-url
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/navytitanium/eitest-tools-scripts-iocs
- Owner: NavyTitanium
- Created: 2018-01-28T20:52:51.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-04-13T23:22:05.000Z (about 6 years ago)
- Last Synced: 2024-02-09T00:34:23.070Z (5 months ago)
- Topics: eitest-c2, ioc, iocs, malicious-domains, malicious-redirects, malicious-url
- Language: PHP
- Homepage: https://blog.brillantit.com/exposing-eitest-campaign/
- Size: 8.54 MB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Lists
- awesome-rat - **4**星
- awesome-rat - **4**星
README
# IOCs
Indicators of Compromise (IOCs) updated every 30 minutes related to EITest campaigns. **The domain stat-dns.com used in EITest's DGA algorithm [has been sinkholed](https://www.proofpoint.com/us/threat-insight/post/eitest-sinkholing-oldest-infection-chain). As a result, the EITest campaign now appears to have been shutdown since 2018-03-15.**
# backend-decipher.py
Decodes data transmitted from an infected website via the EITest script to the EITest C2.
# infol_Decrypter.py
Decodes data transmitted by the victims to help.php and download.php.
# injPayloadDecrypter.py
Decodes data transmitted from the EITest C2 to the infected website (the content to be injected in the webpage).
# parsing-EITest_GET-requests.py
Process the GET requests from the EITest sinkhole server and store them in a MySQL database. Takes as input a large log file containing millions of requests, decode and process them using multiple threads.
# Malicious files
Contains differents artefact belonging to EITest.