SentinelLabs

All

28 repositories

AlphaGolang
Public
IDApython Scripts for Analyzing Golang Binaries
go reverse-engineering ida-pro malware-analysis ida-plugin idapython
Python
•
GNU General Public License v3.0
•63•569•0•2•Updated Aug 8, 2024Aug 8, 2024
XProtect-Malware-Families
Public
Mapping XProtect's obfuscated malware family names to common industry names.
YARA
•6•82•0•0•Updated Apr 26, 2024Apr 26, 2024
macos-ttps-yara
Public
A ruleset to find potentially malicious code in macOS malware samples
YARA
•
GNU General Public License v3.0
•2•39•0•0•Updated Aug 29, 2023Aug 29, 2023
r2pipe-stringdecoder
Public
Go
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 21, 2023Jun 21, 2023
S1QL-Queries
Public
11•50•0•1•Updated Jun 20, 2023Jun 20, 2023
MOVEit-IIS-Log-Scanner
Public
A simple script to scan IIS logs for potential exploitation of MOVEit
PowerShell
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 7, 2023Jun 7, 2023
Cl0p-ELF-Decryptor
Public
Python3 script which decrypts files encrypted by flawed Cl0p ELF variant.
Python
•2•15•0•0•Updated Feb 6, 2023Feb 6, 2023
aoqin_dragon
Public
Python
•0•2•0•0•Updated Jun 8, 2022Jun 8, 2022
aeon
Public
Repository containing Aeon Timeline templates and example projects
1•7•0•0•Updated May 6, 2022May 6, 2022
Yara
Public
Public SentinelLabs Yara Rules
YARA
•1•3•0•0•Updated Mar 17, 2022Mar 17, 2022
Crypt1_IOCs
Public
Massive unpacking of CryptOne samples
0•1•0•0•Updated Feb 21, 2022Feb 21, 2022
enumerate-macos-loginitems
Public
Xcode Playground that will return a list of all installed applications for a user that use SMLoginItem API
0•0•0•0•Updated Feb 10, 2022Feb 10, 2022
log4j_response
Public
Python
•
Other
•5•15•0•0•Updated Dec 22, 2021Dec 22, 2021
hotpatch-for-apache-log4j2
Public
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Java
•
Other
•72•0•0•0•Updated Dec 16, 2021Dec 16, 2021
ZLoader-2021
Public
IOCs for ZLoader Campaign 2021
0•0•0•0•Updated Sep 15, 2021Sep 15, 2021
Shadowpad
Public
Technical Indicators for SentinelLabs ShadowPad research
1•2•0•0•Updated Aug 16, 2021Aug 16, 2021
meteor-express
Public
Hashes and Yara hunting rules for MeteorExpress Wiper
YARA
•1•1•0•0•Updated Jul 29, 2021Jul 29, 2021
Gootloader-iocs-q1-2021
Public
900 SHA1 Gootloader js loader hashes plus some of the most relevant lures with the embedded URLs used for the delivery of the payloads.
0•0•0•0•Updated Jun 16, 2021Jun 16, 2021
Memloader
Public
Memory Loader Open Source Project by Sentinel-Labs.
ida ida-pro ida-plugin idapro ida-loader
C++
•
Other
•11•20•2•0•Updated Mar 26, 2021Mar 26, 2021
IOCs
Public
A Collection of IOC's
0•2•0•0•Updated Jan 27, 2021Jan 27, 2021
aevt_decompile
Public
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
Objective-C
•10•62•0•0•Updated Jan 12, 2021Jan 12, 2021
SolarWinds_Countermeasures
Public
This tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim's machine.
C#
•1•5•0•0•Updated Jan 6, 2021Jan 6, 2021
SentinelLabs_RevCore_Tools
Public
The Windows Malware Analysis Reversing Core Tools
PowerShell
•22•89•2•0•Updated Dec 21, 2020Dec 21, 2020
VTgrepGHIDRA
Public
Java
•
Other
•5•12•0•0•Updated Nov 25, 2020Nov 25, 2020
TrickBot-Deobfuscator
Public
Code and data related to TrickBot-Deobfuscator blog
Python
•3•4•0•0•Updated Feb 25, 2020Feb 25, 2020
Gamaredon-APT
Public
This is a collection of relevant indicators of compromise for the main blog.
2•4•0•0•Updated Feb 5, 2020Feb 5, 2020
PowerTrick
Public
This is a repository for the public blog with Labs indicators of compromise and code
PowerShell
•4•18•0•0•Updated Jan 8, 2020Jan 8, 2020
TrickBot-Anchor
Public
This is a repository for the public blog with Labs indicators of compromise.
2•10•0•0•Updated Dec 10, 2019Dec 10, 2019