Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jpcertcc/aa-tools
Artifact analysis tools by JPCERT/CC Analysis Center
https://github.com/jpcertcc/aa-tools
malware python security
Last synced: 5 days ago
JSON representation
Artifact analysis tools by JPCERT/CC Analysis Center
- Host: GitHub
- URL: https://github.com/jpcertcc/aa-tools
- Owner: JPCERTCC
- License: other
- Created: 2015-10-28T03:52:32.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2024-07-09T03:56:17.000Z (5 months ago)
- Last Synced: 2024-11-21T16:11:49.338Z (21 days ago)
- Topics: malware, python, security
- Language: Python
- Size: 4.08 MB
- Stars: 455
- Watchers: 55
- Forks: 90
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-reverse-engineering - **277**星
README
# aa-tools
Artifact analysis tools by JPCERT/CC Analysis Center## Deob_NOOPLDR.py
IDA plugin Tool to deobfuscate CFF used by NOOPLDR malwareArticle/Blog entry:
https://blogs.jpcert.or.jp/ja/2024/07/mirrorface.html (Japanese)## GobRAT-Analysis
C2 Commands Emulation tools in go language that supports analysis of GobRAT malwareArticle/Blog entry:
https://blogs.jpcert.or.jp/ja/2023/05/gobrat.html (Japanese)
https://blogs.jpcert.or.jp/en/2023/05/gobrat.html (English)## apt17scan.py
Volatility plugin for detecting APT17 related malware and extracting its configArticle/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-aptscan.html (Japanese)
http://blog.jpcert.or.jp/2015/11/a-volatility-plugin-created-for-detecting-malware-used-in-targeted-attacks.html (English)## emdivi_postdata_decoder.py
Python script for decoding Emdivi's post dataArticle/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-emdivi.html (Japanese)
http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html (English)## emdivi_string_decryptor.py
IDAPython script for decrypting strings inside EmdiviArticle/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-emdivi.html (Japanese)
http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html (English)## Citadel Decryptor
Data decryption tool for CitadelArticle/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-citadel.html (Japanese)
http://blog.jpcert.or.jp/2016/02/banking-trojan--27d6.html (English)## adwind_string_decoder.py
Python script for decoding strings inside AdwindArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-adwind.html (Japanese)
http://blog.jpcert.or.jp/2016/05/decoding-obfuscated-strings-in-adwind.html (English)## redleavesscan.py
Volatility plugin for detecting RedLeaves and extracting its configArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-redleaves2.html (Japanese)
http://blog.jpcert.or.jp/2017/05/volatility-plugin-for-detecting-redleaves-malware.html (English)## datper-splunk.py
Python script for detects Datper communication and adds result field to Splunk indexArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-search-datper.html (Japanese)
http://blog.jpcert.or.jp/2017/09/chase-up-datper-bba7.html (English)## datper-elk.py
Python script for detects Datper communication and adds result field to Elasticsearch indexArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-search-datper.html (Japanese)
http://blog.jpcert.or.jp/2017/09/chase-up-datper-bba7.html (English)## tscookie_decode.py
Python script for decrypting and parsing TSCookie configure dataArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-tscookie.html (Japanese)
http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html (English)## wellmess_cookie_decode.py
Python script for decoding WellMess's cookie data (support Python2)Article/Blog entry:
https://blogs.jpcert.or.jp/ja/2018/06/wellmess.html (Japanese)
https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html (English)## cobaltstrikescan.py
Volatility plugin for detecting Cobalt Strike Beacon and extracting its configArticle/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-cobaltstrike.html (Japanese)
https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html (English)## tscookie_data_decode.py
Python script for decrypting and parsing TSCookie configure dataArticle/Blog entry:
https://blogs.jpcert.or.jp/ja/2019/09/tscookie_loader.html (Japanese)
https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html (English)