telekom-security/malware_analysis

GitHub: telekom-security/malware_analysis

A collection of malware analysis resources published by the Telekom Security team, containing YARA rules, IOCs and analysis scripts for several malware families.

Stars: 118 | Forks: 17

# Telekom Security Malware Analysis Repository

This repository contains the scripts, signatures and other IOCs from the blog posts we publish on the [telekom.com blog](https://www.telekom.com/en/blog) and on our [Twitter account](https://twitter.com/DTCERT).

- 2021-05-17: [Let's set ice on fire: hunting and detecting IcedID infections](https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240) ([IcedID](https://github.com/telekom-security/malware_analysis/tree/main/icedid))
- 2021-07-14: [LOCKDATA Auction: another leak marketplace showing the recent shift of ransomware operators](https://www.telekom.com/en/blog/group/article/lockdata-auction-631300) ([CryLock](https://github.com/telekom-security/malware_analysis/tree/main/crylock))
- 2021-09-14: [The Flubot smishing campaign under the microscope](https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368) ([Flubot/Teabot](https://github.com/telekom-security/malware_analysis/tree/main/flubot))
- 2021-10-29: [#YARA rule for hunting XOR-encrypted #PlugX / #Korplug payloads](https://twitter.com/DTCERT/status/1454022175254618114?s=20) ([PlugX](https://github.com/telekom-security/malware_analysis/tree/main/plugx))
- 2022-01-14: [#100DaysOfYara: detecting hacktools that modify RDP settings](https://twitter.com/DTCERT/status/1481925582019571712?s=20) ([Hacktools](https://github.com/telekom-security/malware_analysis/tree/main/hacktools))
- 2022-03-11: [SystemBC YARA rule and extractor](https://twitter.com/DTCERT/status/1502214236268900354) ([SystemBC](https://github.com/telekom-security/malware_analysis/tree/main/systembc))
- 2022-03-18: [#100DaysOfYara: detecting the Vatet Loader in a backdoored Rufus](https://twitter.com/DTCERT/status/1504778715913408512) ([Defray777](https://github.com/telekom-security/malware_analysis/tree/main/defray777))
- 2022-09-02: [Raspberry Robin](https://twitter.com/DTCERT/status/1565664874633564162) ([IOC](https://github.com/telekom-security/malware_analysis/tree/main/raspberry_robin))
Tags: Cutter, DAST, DNS information, DNS brute forcing, DNS reverse lookup, HTTP tools, IoC, bulk IP address processing, Telekom Security, YARA rules, cloud asset inventory, indicators of compromise, ransomware, threat intelligence, security blog, developer tools, malware analysis, trojan detection, knowledge base security, cyber security, cyber security audit, scripts, custom DNS resolver, CERT, reverse engineering tools, reverse engineering, privacy protection