• Stars: 446
• Rank: 94,543 (Top 2%)
• Language: Python
• License: Other
• Created: over 8 years ago
• Updated: 5 months ago


Repository Details

Artifact analysis tools by JPCERT/CC Analysis Center

aa-tools

GobRAT-Analysis

C2 command emulation tools written in Go that support analysis of GobRAT malware

Article/Blog entry:
https://blogs.jpcert.or.jp/ja/2023/05/gobrat.html (Japanese)
https://blogs.jpcert.or.jp/en/2023/05/gobrat.html (English)

apt17scan.py

Volatility plugin for detecting APT17 related malware and extracting its config

Article/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-aptscan.html (Japanese)
http://blog.jpcert.or.jp/2015/11/a-volatility-plugin-created-for-detecting-malware-used-in-targeted-attacks.html (English)

emdivi_postdata_decoder.py

Python script for decoding Emdivi's post data

Article/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-emdivi.html (Japanese)
http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html (English)

emdivi_string_decryptor.py

IDAPython script for decrypting strings inside Emdivi

Article/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-emdivi.html (Japanese)
http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html (English)

Citadel Decryptor

Data decryption tool for Citadel

Article/Blog entry:
http://www.jpcert.or.jp/magazine/acreport-citadel.html (Japanese)
http://blog.jpcert.or.jp/2016/02/banking-trojan--27d6.html (English)

adwind_string_decoder.py

Python script for decoding strings inside Adwind

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-adwind.html (Japanese)
http://blog.jpcert.or.jp/2016/05/decoding-obfuscated-strings-in-adwind.html (English)

redleavesscan.py

Volatility plugin for detecting RedLeaves and extracting its config

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-redleaves2.html (Japanese)
http://blog.jpcert.or.jp/2017/05/volatility-plugin-for-detecting-redleaves-malware.html (English)

datper-splunk.py

Python script that detects Datper communication and adds a result field to a Splunk index

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-search-datper.html (Japanese)
http://blog.jpcert.or.jp/2017/09/chase-up-datper-bba7.html (English)

datper-elk.py

Python script that detects Datper communication and adds a result field to an Elasticsearch index

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-search-datper.html (Japanese)
http://blog.jpcert.or.jp/2017/09/chase-up-datper-bba7.html (English)

tscookie_decode.py

Python script for decrypting and parsing TSCookie configuration data

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-tscookie.html (Japanese)
http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html (English)

wellmess_cookie_decode.py

Python script for decoding WellMess's cookie data (supports Python 2)

Article/Blog entry:
https://blogs.jpcert.or.jp/ja/2018/06/wellmess.html (Japanese)
https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html (English)

cobaltstrikescan.py

Volatility plugin for detecting Cobalt Strike Beacon and extracting its config

Article/Blog entry:
https://www.jpcert.or.jp/magazine/acreport-cobaltstrike.html (Japanese)
https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html (English)

tscookie_data_decode.py

Python script for decrypting and parsing TSCookie configuration data

Article/Blog entry:
https://blogs.jpcert.or.jp/ja/2019/09/tscookie_loader.html (Japanese)
https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html (English)

More Repositories

1. LogonTracer: Investigate malicious Windows logons by visualizing and analyzing Windows event logs (Python, 2,604 stars)
2. EmoCheck: Emotet detection tool for Windows OS (C++, 673 stars)
3. MalConfScan: Volatility plugin that extracts configuration data of known malware (Python, 466 stars)
4. SysmonSearch: Investigate suspicious activity by visualizing Sysmon's event log (JavaScript, 409 stars)
5. ToolAnalysisResultSheet: Tool Analysis Result Sheet (HTML, 337 stars)
6. YAMA: Yet Another Memory Analyzer for malware detection (C++, 161 stars)
7. DetectLM: Detecting Lateral Movement with Machine Learning (Python, 136 stars)
8. phishurl-list: Phishing URL dataset from JPCERT/CC (HTML, 133 stars)
9. MalConfScan-with-Cuckoo: Cuckoo Sandbox plugin that extracts configuration data of known malware (Python, 129 stars)
10. jpcert-yara: JPCERT/CC public YARA rules repository (YARA, 93 stars)
11. log-analysis-training: Content for log analysis training (HTML, 86 stars)
12. impfuzzy: Fuzzy hash calculated from the import API of PE files (Python, 82 stars)
13. MemoryForensic-on-Cloud: Memory Forensic System on Cloud (HTML, 82 stars)
14. Windows-Symbol-Tables: Windows symbol tables for Volatility 3 (Python, 61 stars)
15. cordova: Vulnerability Analysis of Hybrid Applications using Apache Cordova (HTML, 55 stars)
16. OWASPdocuments: Japanese translation of OWASP documents (HTML, 53 stars)
17. Lazarus-research: Lazarus analysis tools and research report (Python, 52 stars)
18. STrelok: Application for STIX v2.0 objects management and analysis (Python, 27 stars)
19. CobaltStrike-Config: Repository for archiving Cobalt Strike configuration (26 stars)
20. QuasarRAT-Analysis: QuasarRAT analysis tools and research report (Python, 23 stars)
21. Lucky-Visitor-Scam-IoC: Automatically update IoCs for the lucky visitor scam (23 stars)
22. SurfaceAnalysis-on-Cloud: Surface Analysis System on Cloud (HCL, 18 stars)
23. ToolAnalysisResultSheet_jp: Tool Analysis Result Sheet (Japanese) (HTML, 17 stars)
24. AutoYara4FLIRT (Python, 14 stars)
25. cwe-1003-ja: Japanese translation of CWE-1003 (10 stars)
26. vdo-json-schema: JSON Schema for Vulnerability Description Ontology (VDO) (JavaScript, 8 stars)
27. JPCERT-IR-Statistics: JPCERT/CC incident handling statistics (HTML, 6 stars)
28. HUILoader-research: HUI Loader analysis research (4 stars)
29. xml2evtx: Convert Event Log XML to EVTX file (Python, 2 stars)