FCL (Fileless Command Lines) - Known command lines of fileless malicious executions


FCL - Fileless Command Lines

Known command-lines of fileless malicious executions.

Motivation

While hashing malicious files to identify malicious executions is easy, blocking the execution of fileless malware is more challenging. This repository's purpose is to collect command lines used by threat actors, to ease the difficulty of identifying them.

Structure

Each FCL file contains (or may contain) the following data:

  • Malware name
  • Executing process(es)
  • Malicious command-lines (URLs are intentionally broken)
  • Fully or partially deobfuscated command-lines
  • Regular Expression for detection
  • Technical write-ups
  • Sandbox report links
  • Notes
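The list above describes the fields of an FCL file but gives no machine-readable form. The following is an added example, not code from the FCL repository: it models one record with those fields, applies the record's detection regex to constructed process-creation log lines, and reverses the encoding of a harmless encoded command to produce the "deobfuscated command-line" field. The record, the regex, the log format (`process|command line`) and all sample values are assumptions constructed for this illustration.

```python
import base64
import re
from dataclasses import dataclass, field


@dataclass
class FclRecord:
    """One FCL-style record; field names mirror the Structure list (constructed model)."""
    malware_name: str
    executing_processes: list
    command_lines: list
    deobfuscated: list
    detection_regex: str
    write_ups: list = field(default_factory=list)
    sandbox_reports: list = field(default_factory=list)
    notes: str = ""

    def matches(self, process, command_line):
        """True when the process is a known executing process and the
        command line matches the detection regex (case-insensitive)."""
        known = {p.lower() for p in self.executing_processes}
        if process.lower() not in known:
            return False
        return re.search(self.detection_regex, command_line, re.IGNORECASE) is not None


def encode_command(text):
    """PowerShell's -EncodedCommand expects base64 of UTF-16LE text.
    Used here only to build a harmless sample payload."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(blob):
    """Reverse of encode_command: the 'deobfuscated command-line' step."""
    return base64.b64decode(blob).decode("utf-16-le")


# Constructed, harmless payload for the sample record.
PLAIN = "Write-Output 'constructed'"
ENCODED = encode_command(PLAIN)

# Hypothetical record; not a real FCL file.
SAMPLE_RECORD = FclRecord(
    malware_name="Example.Fileless (hypothetical)",
    executing_processes=["powershell.exe"],
    command_lines=[f"powershell.exe -nop -w hidden -enc {ENCODED}"],
    deobfuscated=[PLAIN],
    # Assumed regex: hidden window followed by an encoded command of 20+ base64 chars.
    detection_regex=r"-w(?:indowstyle)?\s+hidden\b.*-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}",
    notes="Constructed record for illustration; contains no URLs.",
)

# Constructed process-creation log lines in the form "<process>|<command line>".
SAMPLE_LOG = [
    f"powershell.exe|powershell.exe -nop -w hidden -enc {ENCODED}",
    "powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1",
    "cmd.exe|cmd.exe /c dir C:\\Users",
    # Same pattern under an unexpected process: not matched by this record.
    f"notepad.exe|notepad.exe -w hidden -enc {ENCODED}",
]


def scan(log_lines, record):
    """Return (malware_name, process, command_line) for every matching log line."""
    hits = []
    for line in log_lines:
        process, _, cmd = line.partition("|")
        if record.matches(process, cmd):
            hits.append((record.malware_name, process, cmd))
    return hits


if __name__ == "__main__":
    for name, proc, cmd in scan(SAMPLE_LOG, SAMPLE_RECORD):
        print(f"[{name}] {proc}: {cmd}")
        print("  decoded:", decode_encoded_command(cmd.rsplit(" ", 1)[1]))
```

The executing-process check is what keeps the regex from firing on an unrelated binary carrying the same arguments, which is why the record stores both fields rather than the regex alone.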

Contributions

If you have any malware-related command line (deobfuscated or not), sandbox links, technical write-ups, regular expressions or any useful suggestion, please share it with me and I will update this repository accordingly.

References

Here are some great references elaborating on fileless malicious executions and their use over time:

GPL 3

FCL - Fileless Command Lines Copyright (C) 2018, Chen Erlich (@chen_erlich).

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

TODO

  • [ ] Add more fileless malware
  • [ ] Sharpen or add regular expressions