Tools

Loki

Scanner for Simple Indicators of Compromise

GitHub: https://github.com/Neo23x0/Loki

Features
- File Name IOC
- Yara Rule Check
- Hash check
- C2 Back Connect Check

Additional features
- Regin filesystem check (via --reginfs)
- Process anomaly check (based on Sysforensics)
- SWF decompressed scan (new since version v0.8)
- SAM dump check
- DoublePulsar check - tries to detect the DoublePulsar backdoor on port 445/tcp and 3389/tcp
- PE-Sieve process check

Signature Base: https://github.com/Neo23x0/signature-base

Spark Core

libpeconv

A library to load, manipulate, dump PE files.

PE-Sieve

Based on libpeconv. Scans a given process, searching for potentially malicious implants and patches within the process space.

PE Studio

Malware Initial Assessment

Other