SentinelLabs's repositories
AlphaGolang
IDApython Scripts for Analyzing Golang Binaries
SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
PowerTrick
This is a repository for the public blog with Labs indicators of compromise and code
Cl0p-ELF-Decryptor
Python3 script which decrypts files encrypted by flawed Cl0p ELF variant.
TrickBot-Anchor
This is a repository for the public blog with Labs indicators of compromise.
SolarWinds_Countermeasures
This tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim's machine.
TrickBot-Deobfuscator
Code and data related to TrickBot-Deobfuscator blog
Gamaredon-APT
This is a collection of relevant indicators of compromise for the main blog.
Crypt1_IOCs
Massive unpacking of CryptOne samples
meteor-express
Hashes and Yara hunting rules for MeteorExpress Wiper
enumerate-macos-loginitems
Xcode Playground that will return a list of all installed applications for a user that use SMLoginItem API
ZLoader-2021
IOCs for ZLoader Campaign 2021
Gootloader-iocs-q1-2021
900 SHA1 Gootloader js loader hashes plus some of the most relevant lures with the embedded URLs used for the delivery of the payloads.
hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
MOVEit-IIS-Log-Scanner
A simple script to scan IIS logs for potential exploitation of MOVEit