Bit9 + Carbon Black Threat Intelligence repo

Use of the Carbon Black API is governed by the license found in LICENSE.

Contains various projects and presentations.

mpesm (Mnemonic PE Signature Matching) is a tool to help identify multiple types of packers, cryptors, and compilers. It uses a take on Levenshtein distance to calculate similarity between the assembly mnemonics in the signature and the assembly mnemonics found in the PE file.

Various Yara signatures.

A service to pull data from a Carbon Black server to CRITs.