Digital Dumpster Diving · Pastebin a Convenient Way for Cybercriminals to Remotely Host Malware...

Post on 15-Mar-2020


What about now?

Sample #1

Sample #2

But let's try something different…

So what else is there?

Malware – DOS Executable:

Regex: ^TV(oA|pB|pQ|qA|qQ|ro)\w+

TVoA | TVpB | TVpQ | TVqA | TVqQ | TVro
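An added example (not from the original slides): the regex above only recognises the base64 prefixes of an `MZ` header, so this sketch confirms a hit by decoding the paste and following `e_lfanew` to the `PE\0\0` signature. The function name, verdict labels and sample pastes are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import struct

# Regex from the slide: base64 text whose decoded bytes begin with "MZ".
MZ_B64 = re.compile(r"^TV(oA|pB|pQ|qA|qQ|ro)\w+")


def classify_paste(text: str) -> str:
    """Return 'no-match', 'not-base64', 'mz-only' or 'pe' (hypothetical labels)."""
    body = "".join(text.split())  # pastes are often line-wrapped
    if not MZ_B64.match(body):
        return "no-match"
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"  # prefix matched but the body is not base64
    if len(raw) < 0x40:
        return "mz-only"  # too short to hold a DOS header
    # e_lfanew at offset 0x3C gives the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", raw, 0x3C)
    if raw[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "pe"
    return "mz-only"


def constructed_pe_stub() -> bytes:
    """Constructed 68-byte header: MZ magic, e_lfanew=0x40, PE signature."""
    header = bytearray(0x44)
    header[0:4] = b"MZ\x90\x00"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header)


# Constructed sample pastes, not real captures.
SAMPLES = {
    "pe_stub": base64.b64encode(constructed_pe_stub()).decode(),
    "mz_text": base64.b64encode(b"MZ\x90\x00 not an executable").decode(),
    "lookalike": "TVpBroadcast_schedule_2020",
    "plain": "hello world",
}

if __name__ == "__main__":
    for name, paste in SAMPLES.items():
        print(f"{name:10} {classify_paste(paste)}")
```

Only the `pe` verdict is worth escalating to static analysis; `not-base64` and `mz-only` are the false positives the prefix regex produces on its own.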

Dark web Domains:

find({'contents': /\.onion/})

Credentials dump:

Threat Intel / IOC:

• API Keys
• Certificates
• Malicious Scripts
• Database

So how do you get started?

❑ Scrapers and Bots:

❑ https://github.com/Critical-Start/pastebin_scraper

❑ https://github.com/kevthehermit/PasteHunter

❑ https://twitter.com/ScumBots

❑ https://twitter.com/dumpmon - Inactive

❑ Static Analysis tools:

❑ CyberChef - https://gchq.github.io/CyberChef/

❑ PE Studio - https://www.winitor.com/

❑ CFF Explorer - https://ntcore.com/?page_id=388

❑ dotPeek - https://www.jetbrains.com/decompiler/

❑ YARA - https://virustotal.github.io/yara/

https://twitter.com/n3onli8

Chandra Majumdar

CTO – ElevatedPrompt Solutions Inc

chandra-at-elevatedprompt.com

Thank You