├── .gitignore ├── .pre-commit-config.yaml ├── LICENSE ├── MANIFEST.in ├── README.md ├── malchive ├── __init__.py ├── active_discovery │ ├── cobaltstrike_beacon.py │ ├── meterpreter_reverse_shell.py │ ├── shadowpad.py │ └── spivy.py ├── decoders │ ├── apollo.py │ ├── cobaltstrike_payload.py │ ├── pivy.py │ ├── rzstreet_dumper.py │ ├── sunburst.py │ └── sunburst_dga.py ├── extras │ ├── active_discovery_template.py │ ├── decoder_template.py │ └── spivy_test_response.py ├── helpers │ ├── BinDataHelper.py │ ├── apLib.py │ ├── crypt_plaintexts.py │ ├── discovery.py │ ├── myRC4.py │ └── winfunc.py └── utilities │ ├── add.py │ ├── apihash.py │ ├── aplibdumper.py │ ├── b64dump.py │ ├── brute_xor.py │ ├── byteflip.py │ ├── cobaltstrike_malleable_restore.py │ ├── comguidtoyara.py │ ├── data │ └── apihashes.db │ ├── dotnetdumper.py │ ├── entropycalc.py │ ├── findapihash.py │ ├── genrsa.py │ ├── gensig.py │ ├── guid_recovery.py │ ├── hashes.py │ ├── hiddencab.py │ ├── killaslr.py │ ├── negate.py │ ├── pecarver.py │ ├── pepdb.py │ ├── peresources.py │ ├── petimestamp.py │ ├── reverse_bytes.py │ ├── rotate.py │ ├── ssl_cert.py │ ├── sub.py │ ├── superstrings.py │ ├── vtinspect.py │ ├── xor.py │ └── xor_pairwise.py └── setup.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include malchive/utilities/data/* 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/README.md -------------------------------------------------------------------------------- /malchive/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /malchive/active_discovery/cobaltstrike_beacon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/active_discovery/cobaltstrike_beacon.py -------------------------------------------------------------------------------- /malchive/active_discovery/meterpreter_reverse_shell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/active_discovery/meterpreter_reverse_shell.py -------------------------------------------------------------------------------- /malchive/active_discovery/shadowpad.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/active_discovery/shadowpad.py -------------------------------------------------------------------------------- /malchive/active_discovery/spivy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/active_discovery/spivy.py -------------------------------------------------------------------------------- /malchive/decoders/apollo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/apollo.py -------------------------------------------------------------------------------- /malchive/decoders/cobaltstrike_payload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/cobaltstrike_payload.py -------------------------------------------------------------------------------- /malchive/decoders/pivy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/pivy.py -------------------------------------------------------------------------------- /malchive/decoders/rzstreet_dumper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/rzstreet_dumper.py -------------------------------------------------------------------------------- /malchive/decoders/sunburst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/sunburst.py -------------------------------------------------------------------------------- /malchive/decoders/sunburst_dga.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/decoders/sunburst_dga.py -------------------------------------------------------------------------------- /malchive/extras/active_discovery_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/extras/active_discovery_template.py -------------------------------------------------------------------------------- /malchive/extras/decoder_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/extras/decoder_template.py -------------------------------------------------------------------------------- /malchive/extras/spivy_test_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/extras/spivy_test_response.py -------------------------------------------------------------------------------- /malchive/helpers/BinDataHelper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/BinDataHelper.py -------------------------------------------------------------------------------- /malchive/helpers/apLib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/apLib.py -------------------------------------------------------------------------------- /malchive/helpers/crypt_plaintexts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/crypt_plaintexts.py -------------------------------------------------------------------------------- /malchive/helpers/discovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/discovery.py -------------------------------------------------------------------------------- /malchive/helpers/myRC4.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/myRC4.py -------------------------------------------------------------------------------- /malchive/helpers/winfunc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/helpers/winfunc.py -------------------------------------------------------------------------------- /malchive/utilities/add.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/add.py -------------------------------------------------------------------------------- /malchive/utilities/apihash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/apihash.py -------------------------------------------------------------------------------- /malchive/utilities/aplibdumper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/aplibdumper.py -------------------------------------------------------------------------------- /malchive/utilities/b64dump.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/b64dump.py -------------------------------------------------------------------------------- /malchive/utilities/brute_xor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/brute_xor.py -------------------------------------------------------------------------------- /malchive/utilities/byteflip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/byteflip.py -------------------------------------------------------------------------------- /malchive/utilities/cobaltstrike_malleable_restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/cobaltstrike_malleable_restore.py -------------------------------------------------------------------------------- /malchive/utilities/comguidtoyara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/comguidtoyara.py -------------------------------------------------------------------------------- /malchive/utilities/data/apihashes.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/data/apihashes.db -------------------------------------------------------------------------------- /malchive/utilities/dotnetdumper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/dotnetdumper.py -------------------------------------------------------------------------------- /malchive/utilities/entropycalc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/entropycalc.py -------------------------------------------------------------------------------- /malchive/utilities/findapihash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/findapihash.py -------------------------------------------------------------------------------- /malchive/utilities/genrsa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/genrsa.py -------------------------------------------------------------------------------- /malchive/utilities/gensig.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/gensig.py -------------------------------------------------------------------------------- /malchive/utilities/guid_recovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/guid_recovery.py -------------------------------------------------------------------------------- /malchive/utilities/hashes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/hashes.py -------------------------------------------------------------------------------- /malchive/utilities/hiddencab.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/hiddencab.py -------------------------------------------------------------------------------- /malchive/utilities/killaslr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/killaslr.py -------------------------------------------------------------------------------- /malchive/utilities/negate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/negate.py -------------------------------------------------------------------------------- /malchive/utilities/pecarver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/pecarver.py -------------------------------------------------------------------------------- /malchive/utilities/pepdb.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/pepdb.py -------------------------------------------------------------------------------- /malchive/utilities/peresources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/peresources.py -------------------------------------------------------------------------------- /malchive/utilities/petimestamp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/petimestamp.py -------------------------------------------------------------------------------- /malchive/utilities/reverse_bytes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/reverse_bytes.py -------------------------------------------------------------------------------- /malchive/utilities/rotate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/rotate.py -------------------------------------------------------------------------------- /malchive/utilities/ssl_cert.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/ssl_cert.py -------------------------------------------------------------------------------- /malchive/utilities/sub.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/sub.py -------------------------------------------------------------------------------- /malchive/utilities/superstrings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/superstrings.py -------------------------------------------------------------------------------- /malchive/utilities/vtinspect.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/vtinspect.py -------------------------------------------------------------------------------- /malchive/utilities/xor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/xor.py -------------------------------------------------------------------------------- /malchive/utilities/xor_pairwise.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/malchive/utilities/xor_pairwise.py -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MITRECND/malchive/HEAD/setup.py --------------------------------------------------------------------------------