extracting-iocs-from-malware-samples

Featured

Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs, domains, URLs), host artifacts (file paths, registry keys, mutexes), and behavioral patterns for threat intelligence sharing and detection rule creation. Activates for requests involving IOC extraction, threat indicator harvesting, malware indicator collection, or building detection content from samples.

Category: AI & Automation. 12,642 stars, 1,468 forks. Updated today. License: Apache-2.0.


Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Extracting IOCs from Malware Samples

## When to Use

- A malware analysis (static or dynamic) is complete and actionable indicators need to be extracted for defense teams
- Building blocklists for firewalls, proxies, and DNS sinkholes from analyzed samples
- Creating YARA rules, Snort/Suricata signatures, or SIEM detection content from malware artifacts
- Contributing to threat intelligence sharing platforms (MISP, OTX, ThreatConnect)
- Tracking malware campaigns by correlating IOCs across multiple samples

**Do not use** for IOCs from unverified sources without validation; false positives in blocklists can disrupt legitimate business operations.

## Prerequisites

- Python 3.8+ with `iocextract`, `pefile`, `yara-python` libraries installed
- Completed malware analysis report (static analysis, dynamic analysis, or reverse engineering)
- Access to PCAP files, memory dumps, or sandbox reports from the analysis
- MISP instance or STIX/TAXII server for structured IOC sharing
- VirusTotal API key for IOC enrichment and validation
- CyberChef for decoding obfuscated indicators

## Workflow

### Step 1: Extract File-Based IOCs

Compute hashes and identify file metadata indicators:

```bash
# Generate all standard hashes
md5sum malware_sample.exe
sha1sum malware_sample.exe
sha256sum malware_sample.exe

# Generate ssdeep fuzzy hash for similarity matching
ssdeep malware_sample.exe

# Generate imphash (import hash) for PE files
python3 -c "
import pefile
pe = pefile.PE('malware_samp...
```
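The hash computation and indicator harvesting the workflow describes, as an added Python example that is not part of the skill or its repository (the sample bytes, the TEST-NET address 203.0.113.10, the domain, mutex name and registry key are all constructed placeholders): it computes the Step 1 hashes with the standard library, pulls network and host artifacts from a sample's strings, drops loopback and RFC1918 addresses and vendor domains that would only add false positives to a blocklist, and defangs the output for reports.

```python
import hashlib
import ipaddress
import re

# Constructed stand-in for a sample's printable strings (not a real binary;
# the address, domain, mutex and registry key are placeholders).
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
          + b"http://203.0.113.10/gate.php\x00update.example-c2.test\x00"
          + b"Global\\MutexPlaceholder01\x00"
          + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
          + b"127.0.0.1\x00 10.0.0.5\x00 microsoft.com\x00")

# Hosts that appear in almost every PE (manifests, certificates) and would only
# add false positives to a blocklist; extend from your own baseline.
BENIGN_DOMAINS = {"microsoft.com", "schemas.microsoft.com", "windows.com"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PATTERNS = {
    "url": re.compile(rb"https?://[\w.\-]+(?::\d+)?(?:/[\w./?=&%\-]*)?"),
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # the lookbehind keeps URL paths such as /gate.php from being read as domains
    "domain": re.compile(rb"(?<![\w./-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "registry": re.compile(rb"HK(?:LM|CU|CR|U|CC)\\[\w\\ ]+"),
    "mutex": re.compile(rb"(?:Global|Local)\\[\w\-]+"),
}

def file_hashes(data: bytes) -> dict:
    """Step 1 hashes; imphash needs pefile and is not reproduced here."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def routable(ip: str) -> bool:
    """Loopback, link-local and RFC1918 addresses are not actionable network IOCs."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_loopback or addr.is_link_local or any(addr in n for n in RFC1918))

def defang(ioc: str) -> str:
    """Neutralise an indicator before it goes into a report or ticket."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")

def extract_iocs(data: bytes) -> dict:
    """Raw indicators by type, deduplicated and with obvious noise removed."""
    found = {k: sorted({m.decode(errors="ignore") for m in p.findall(data)})
             for k, p in PATTERNS.items()}
    found["ipv4"] = [ip for ip in found["ipv4"] if routable(ip)]
    found["domain"] = [d for d in found["domain"] if d.lower() not in BENIGN_DOMAINS]
    return found
```

Run `extract_iocs(SAMPLE)` and `file_hashes(SAMPLE)` to see the structured output; only the URL, the TEST-NET address, the placeholder C2 domain, the mutex and the Run key survive the noise filters.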

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

extracting-iocs-from-malware-samples (Data & Documents, Listed)

Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs, domains, URLs), host artifacts (file paths, registry keys, mutexes), and behavioral patterns for threat intelligence sharing and detection rule creation. Activates for requests involving IOC extraction, threat indicator harvesting, malware indicator collection, or building detection content from samples.

6 stars, updated today, by 26zl

performing-malware-ioc-extraction (AI & Automation, Featured)

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist

12,642 stars, updated today, by mukul975

analyzing-indicators-of-compromise (AI & Automation, Featured)

Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.

12,642 stars, updated today, by mukul975

collecting-indicators-of-compromise (AI & Automation, Featured)

Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security incidents to enable detection, blocking, and threat intelligence sharing. Covers network, host, email, and behavioral indicators using STIX/TAXII formats and threat intelligence platforms. Activates for requests involving IOC collection, indicator extraction, threat indicator sharing, compromise indicators, STIX export, or IOC enrichment.

12,642 stars, updated today, by mukul975

ioc (Data & Documents, Solid)

IOC extraction, enrichment, and threat intelligence correlation

183 stars, updated 1 month ago, by majiayu000