~alienagain/curious_butterfly

70aa3f3d64f8de27ac3c6f281ee8c75885b20137 — alien 8 months ago ce4db6d
adding readme
1 files changed, 18 insertions(+), 0 deletions(-)

A README
A README => README +18 -0
@@ 0,0 1,18 @@
# Malware analisys with curious butterfly

## How does it work

The idea is taking advantage of Raku grammars to look for structures that statically looks like malware (similar to a YARA, with conditions and regex of strings, libraries and structures in the reversing). Since the tool is based on raku, it needs rakudo to work:

```
apt install rakudo
```

Which is the raku compiler. The main script is cubu:

```
chmod u+x cubu
./cubu
```

A pop up will appear. The example provided is Sparkling Goblin, a threat actor. The `.raku` script is based on strings inside malware samples of Sparkling Goblin. If entered the folder (`samples` in this case) and the threat name (`sparkling_goblin` in this case), a file would be generated with coincidences found, and written in a file which name that looks like `results_<threat name>` in this case `results_sparkling_goblin`.
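Review bot: the heading at the top of the hunk misspells "analysis" as "analisys", and the text that follows alternates between "Raku", "raku" and "rakudo"; use "Raku" for the language and "Rakudo" for the compiler throughout, e.g. "Since the tool is based on Raku, it needs Rakudo to work". Both code fences are untagged, so they render as plain text; tag them ```sh, and qualify the install line, since `apt install rakudo` is Debian/Ubuntu-specific and needs root (`sudo apt install rakudo`). The final paragraph is hard to follow ("a file would be generated with coincidences found, and written in a file which name that looks like"): say plainly that the pop-up asks for two inputs, the samples folder and the threat name, that matches are written to `results_<threat name>` (for the example, `results_sparkling_goblin`), and where that file is written. The README should also document where the `.raku` rule scripts live, how to add one for a new threat, and whether the `samples` folder and the Sparkling Goblin rule ship with the repository, since the folder is expected to hold malware samples and readers need to know what to populate and that it belongs in an isolated analysis environment.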