The idea is to take advantage of Raku grammars to look for structures that statically look like malware, similar to a YARA rule: a condition over regexes for strings, imported libraries and structures seen while reversing. Since the tool is written in Raku, it needs Rakudo to work:
apt install rakudo
Rakudo is the Raku compiler. The main script is cubu; make it executable and run it:
chmod u+x cubu
./cubu
A pop-up will appear. The example provided is Sparkling Goblin, a threat actor; its `.raku` script is based on strings found inside malware samples attributed to Sparkling Goblin. Enter the folder to scan (`samples` in this case) and the threat name (`sparkling_goblin` in this case), and the matches found are written to a file named `results_<threat name>`, in this case `results_sparkling_goblin`.
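To show what a YARA-style rule looks like when expressed as a Raku grammar, here is an added example; it is not cubu's own code nor its Sparkling Goblin rule. The rule name, the three indicator strings, the condition and the two sample blobs are all invented for illustration and stand in for files in a `samples` folder.

```raku
#!/usr/bin/env raku
# Added example (not cubu's own rule format): one YARA-style rule written as
# a Raku grammar. The rule name, indicator strings and the two sample blobs
# below are constructed for illustration, not taken from any real family.

grammar SuspiciousStealer {
    # Strings a YARA rule would list in its "strings:" section.
    token api-net   { 'WinHttpOpen' | 'InternetOpenA' }
    token persist   { 'CurrentVersion\\Run' }
    token mutex     { 'Global\\' <[ A..Z a..z 0..9 ]> ** 6..32 }
    token indicator { <api-net> | <persist> | <mutex> }

    # Walk the whole blob: skip characters until an indicator starts, capture
    # it, repeat; ratcheting tokens keep this linear and backtrack-free.
    token TOP { [ [ <!indicator> . ]* <indicator> ]* .* }
}

# Count which indicators occur in a blob. For a real binary, read it with
# $path.IO.slurp(:enc<latin1>) so every byte maps to exactly one character.
sub scan-blob(Str $blob --> Hash) {
    my $m = SuspiciousStealer.parse($blob) or return %();
    my %hits;
    for $m<indicator>.list -> $i {
        for <api-net persist mutex> -> $k {
            %hits{$k}++ if $i{$k};
        }
    }
    return %hits;
}

# YARA-style "condition:": the network API plus at least one of the others,
# so a single common string does not flag a sample on its own.
sub matches-rule(%hits --> Bool) {
    so %hits<api-net> && (%hits<persist> || %hits<mutex>);
}

# Constructed stand-ins for the files in a samples/ folder.
my %samples =
    clean   => "MZ\x90\0 This program cannot be run in DOS mode.\r\n"
             ~ "kernel32.dll GetProcAddress ExitProcess",
    stealer => "MZ\x90\0 ... WinHttpOpen WinHttpSendRequest ..."
             ~ "Software\\Microsoft\\Windows\\CurrentVersion\\Run\0"
             ~ "Global\\x9Qz7Ka2b";

# One line per sample, in the spirit of a results_<threat name> file.
for %samples.kv -> $name, $blob {
    my %hits    = scan-blob($blob);
    my $verdict = matches-rule(%hits) ?? 'MATCH' !! 'no match';
    printf "%-8s %-9s %s\n", $name, $verdict,
        %hits.sort.map({ "{.key}={.value}" }).join(' ');
}
```

The grammar only collects evidence; the verdict lives in `matches-rule`, which is where a YARA `condition:` would go. Keeping the two apart lets one grammar feed several conditions (for example one per campaign) without re-scanning the sample.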