Browsing: Strings

A Coding Implementation to Recover Hidden Malware IOCs with FLARE-FLOSS Beyond Classic Strings Analysis

By

banner(“STEP 6 — IOC hunting in the deobfuscated strings”) PATTERNS = [ (“URL”, re.compile(r”https?://[^\s\”<>]+”)), (“IP”, re.compile(r”\b(?:\d{1,3}\.){3}\d{1,3}\b”)), (“PE/script”, re.compile(r”[A-Za-z0-9_]+\.(?:exe|dll|sys|ps1|bat)\b”, re.I)), (“Win32 API”, re.compile(r”\b(?:Reg(?:Open|Set|Create|Delete)Key(?:Ex)?A?|VirtualAlloc(?:Ex)?|CreateRemoteThread|WinExec|LoadLibraryA?|GetProcAddress|InternetOpenA?)\b”)), (“Registry”, re.compile(r”SOFTWARE\\\\?[A-Za-z0-9_\\\\]+”, re.I)), (“Base64-like”,…