~alienagain/curious_butterfly

A Raku-based alternative to YARA for looking for malware genes across several samples
deleted an image
I fixed the regex that wasn't working

refs: master

clone
read-only: https://git.sr.ht/~alienagain/curious_butterfly
read/write: git@git.sr.ht:~alienagain/curious_butterfly


#Malware analysis with curious butterfly

#How does it work

The idea is to take advantage of Raku grammars to look for structures that statically look like malware, similar to YARA rules: conditions and regexes over strings, imported libraries and structures identified during reversing. Since the tool is written in Raku, it needs Rakudo to run:

apt install rakudo

Rakudo is the Raku compiler. The main script is cubu, which has to be made executable before it is run:

chmod u+x cubu
./cubu

A pop-up will appear. The example provided targets Sparkling Goblin, a threat actor; its .raku script is built from strings found inside Sparkling Goblin malware samples. After you enter the folder to scan (samples in this example) and the threat name (sparkling_goblin), every match found is written to a file named results_<threat name>, in this case results_sparkling_goblin.
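To make the workflow concrete, here is an added example of a minimal YARA-style scan written in Raku. It is not code from curious_butterfly and does not reproduce the project's grammar or pop-up; it only mirrors the interface described above (a folder, a threat name, and a results_<threat name> output file). The three "genes" are constructed for the example and assumed to be characteristic of a fictional family; real strings would come from reversing the samples. It uses plain Raku regexes rather than a full grammar so the matching logic stays short, and it reads each file as Latin-1 so that every byte maps to exactly one character and binary samples can be searched without decoding errors.

```raku
#!/usr/bin/env raku
use v6.d;

# Constructed "genes" for the example (assumption: these would be strings
# recovered from real samples). Each is a Raku regex keyed by a short name.
my %genes =
    'remote-thread' => rx:i/ 'CreateRemoteThread' /,
    'virtual-alloc' => rx:i/ 'VirtualAllocEx' /,
    'c2-url'        => rx/ 'http' 's'? '://' <[ A..Z a..z 0..9 . \- ]>+ /;

# Scan one file and return a hash of gene-name => hit count (only genes seen).
sub scan-file(IO::Path $path --> Hash) {
    # Latin-1 maps every byte to one character, so raw PE/ELF content
    # can be matched by the regex engine without UTF-8 decoding failures.
    my $text = $path.slurp(:enc<latin1>);
    my %hits;
    for %genes.kv -> $name, $re {
        my @m = $text.match($re, :g);
        %hits{$name} = @m.elems if @m;
    }
    return %hits;
}

# YARA-like condition: at least two genes present, one of which must be
# the C2 URL pattern. Adjust this the way a YARA "condition:" block would be.
sub matches(%hits --> Bool) {
    return %hits.elems >= 2 && %hits<c2-url>:exists;
}

# Walk the folder, apply the condition to every regular file and write
# results_<threat> in the current directory, one line per matching sample.
sub scan-dir(IO::Path $dir, Str $threat --> Int) {
    my @lines;
    for $dir.dir.grep(*.f).sort(*.Str) -> $file {
        my %hits = scan-file($file);
        next unless matches(%hits);
        @lines.push: "{$file.basename}: "
            ~ %hits.sort.map({ "{.key}={.value}" }).join(', ');
    }
    "results_$threat".IO.spurt(@lines.join("\n") ~ "\n");
    return @lines.elems;
}

# Usage: ./scan.raku samples sparkling_goblin
sub MAIN(Str $folder, Str $threat) {
    my $n = scan-dir($folder.IO, $threat);
    say "$n sample(s) matched; results written to results_$threat";
}
```

Two things worth keeping from this shape when writing real rules: count hits per gene rather than only recording presence, because the condition often wants thresholds (e.g. several hard-coded URLs rather than one), and keep the condition in its own function so it can be tuned without touching the string definitions, exactly as YARA separates the strings: and condition: sections.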