Welcome to KYGnus

Malware Analysis Tools

Comprehensive suite for IOC detection and malware analysis


FILE ANALYSIS: BASIC FILE INFORMATION

file test.exe

Identifies the file type from its magic bytes rather than its extension; run it first, because a sample named .pdf or .txt may still be a PE or a script

EXIFTOOL: METADATA EXTRACTION

exiftool test.exe

Extracts metadata from files; for a PE this includes the compile timestamp, machine type and subsystem, and the version resource (company, product, original file name), all of which are cheap pivots for attribution and for spotting forged build data

HASHING TOOLS: FILE FINGERPRINTING

md5sum test.exe
sha256sum test.exe

Generate cryptographic hashes for file identification. Share and look up the SHA-256; MD5 is collision-prone and is kept only because older reports and feeds still index on it

STRINGS ANALYSIS: EXTRACT EMBEDDED STRINGS

strings test.exe

Extracts human-readable strings from binary files. By default only ASCII runs are found; Windows binaries store many strings (paths, URLs, registry keys) as UTF-16LE, so also run strings with the -e l option, otherwise those indicators are missed entirely
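The three steps above (file type, hashes, strings) are what a first-pass triage script chains together. The script below is an added example, not code from the original page or from KYGnus; it assumes only coreutils, grep, sed and awk, uses file when it is installed, and implements the UTF-16LE string walk itself so it does not depend on binutils. The function names, the IOC pattern and the sample it builds (a fake MZ header, an ASCII URL and a UTF-16LE address) are constructed for the demo and are not real malware.

```shell
#!/bin/sh
# Added example (not from the original page): first-pass static triage of one
# sample using only coreutils, grep, sed and awk, with `file` used when present.
# The sample it builds is constructed for the demo and is not real malware.
set -eu

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }
md5_of()    { md5sum    "$1" | cut -d' ' -f1; }

# `file` reads magic bytes rather than trusting the extension; minimal containers
# often lack it, so fall back to printing the first four bytes in hex.
file_type() {
  if command -v file >/dev/null 2>&1; then
    file -b "$1"
  else
    printf 'magic:%s\n' "$(od -An -N4 -tx1 "$1" | tr -d ' \n')"
  fi
}

# What `strings -e l` does, without binutils: walk the bytes as (low, high) pairs
# and collect runs of printable ASCII code units (high byte 00) of >= $2 chars.
# Runs may start at any offset, so a failed pair advances by one byte, not two.
utf16le_strings() {
  LC_ALL=C od -An -v -tx1 "$1" | tr -s ' ' '\n' | awk -v min="${2:-4}" '
    NF == 0 { next }
    { b[n++] = $1 }
    END {
      for (k = 32; k <= 126; k++) chr[sprintf("%02x", k)] = sprintf("%c", k)
      i = 0; run = ""
      while (i + 1 < n) {
        if (b[i+1] == "00" && b[i] >= "20" && b[i] <= "7e") {
          run = run chr[b[i]]; i += 2
        } else {
          if (length(run) >= min) print run
          run = ""; i += 1
        }
      }
      if (length(run) >= min) print run
    }'
}

# Network-looking IOCs (URLs and dotted quads) from both the ASCII and the
# UTF-16LE view of the file. Version strings like 1.2.3.4 also match the IP
# pattern, so treat the output as candidates to verify, not confirmed IOCs.
ioc_pattern='https?://[A-Za-z0-9._/-]+|([0-9]{1,3}\.){3}[0-9]{1,3}'
extract_iocs() {
  {
    LC_ALL=C grep -a -o -E "$ioc_pattern" "$1" || true
    utf16le_strings "$1" | LC_ALL=C grep -o -E "$ioc_pattern" || true
  } | LC_ALL=C sort -u
}

triage() {
  printf 'sample: %s\n' "$1"
  printf 'type:   %s\n' "$(file_type "$1")"
  printf 'md5:    %s\n' "$(md5_of "$1")"
  printf 'sha256: %s\n' "$(sha256_of "$1")"
  printf 'iocs:\n'
  extract_iocs "$1" | sed 's/^/  /'
}

# Constructed sample: fake MZ header, an ASCII URL (double-NUL terminated) and
# a UTF-16LE IP string, which is how a Windows binary would typically carry it.
make_sample() {
  printf 'MZ\220\000\003\000\000\000http://example.test/update.php\000\000' > "$1"
  # ASCII -> UTF-16LE: put a NUL after every byte
  printf '%s' '10.0.0.5' | sed 's/./&\
/g' | tr '\n' '\000' >> "$1"
  printf '\377\376\000' >> "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/sample.bin"
triage "$tmp/sample.bin"
```

The UTF-16LE pass is the part worth keeping: the plain strings run finds the URL but not the address, and a tr -d '\0' shortcut would glue adjacent strings together and corrupt the match, which is why the walk keeps runs separate and drops short fragments.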

YARA: PATTERN MATCHING

Installation:

sudo apt-get install -y yara

Scan commands:

yara -w malware_rules.yar file       # scan one file (-w silences rule warnings)
yara -w -r malware_rules.yar folder  # scan a folder; without -r yara does not descend into subdirectories
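A worked run of the folder scan, as an added example that is not part of the original page or of KYGnus: it writes a small rule file, builds a directory tree with one file that should match and one that must not, and scans it with the recursive flag. The rule name, the strings it looks for and the sample files are constructed for the demo; the scan function reports rather than fails when yara is not installed.

```shell
#!/bin/sh
# Added example (not from the original page): write a small rule file, then scan
# a directory tree with the recursive flag the folder command needs.
# The rule name, strings and sample files are constructed for the demo.
set -eu

write_rule() {
  cat > "$1" <<'EOF'
rule Example_Updater_C2
{
    meta:
        description = "Constructed example: PE carrying the demo update URL or C2 address"
    strings:
        // `wide` also matches the UTF-16LE form Windows binaries use
        $url = "http://example.test/update.php" ascii wide
        $ip  = "10.0.0.5" ascii wide
    condition:
        // 0x5A4D is "MZ" read as a little-endian 16-bit value at offset 0
        uint16(0) == 0x5A4D and ($url or $ip)
}
EOF
}

# Two constructed files: a fake PE in a subdirectory that should match, and a
# text file carrying the same URL that must not (no MZ header).
make_tree() {
  mkdir -p "$1/sub"
  printf 'MZ\220\000\003\000http://example.test/update.php\000' > "$1/sub/dropper.bin"
  printf 'http://example.test/update.php\n' > "$1/readme.txt"
}

# yara only descends into subdirectories with -r; -w silences rule warnings.
# Returns 2 instead of failing loudly when yara is not installed.
scan_tree() {
  if ! command -v yara >/dev/null 2>&1; then
    echo "yara not installed: sudo apt-get install -y yara" >&2
    return 2
  fi
  yara -w -r "$1" "$2"
}

tmp=$(mktemp -d)
write_rule "$tmp/malware_rules.yar"
make_tree "$tmp/samples"
scan_tree "$tmp/malware_rules.yar" "$tmp/samples" || true
```

Each match is printed as the rule identifier followed by the path, so the expected output is one line naming Example_Updater_C2 and sub/dropper.bin; readme.txt contains the URL but fails the uint16(0) check, which is the point of anchoring string rules on a file-format condition.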

CAPA: CAPABILITY ANALYSIS

capa test.exe

Detects capabilities in executables (PE, ELF, .NET and raw shellcode) by matching rules against the code and API calls, without running the sample

  • Maps each finding to ATT&CK tactics and techniques
  • Flags suspicious capabilities (anti-analysis, injection, encoding)
  • Surfaces persistence techniques
  • Identifies network activity (sockets, HTTP, DNS)

FLOSS: OBFUSCATED STRING RECOVERY

floss malware.exe

Recovers strings that plain strings misses: stack strings, tight-loop strings and strings decoded at runtime, by emulating the routines that build them

Options:

floss --only stack tight -- suspicious.exe   # run only the stack and tight-string analyses
floss --no static -- backdoor.exe            # skip the static pass (same result as strings) and keep the rest

RADARE2: REVERSE ENGINEERING FRAMEWORK

Basic analysis:

r2 -d ./binary   # -d attaches the debugger and runs the sample; use r2 ./binary for static-only work
aaa              # (at the r2 prompt) analyze all: functions, cross-references, symbols
pdf @ main       # disassemble the function named main
iz               # list strings in data sections (izz scans the whole binary)

Advanced features:

  • Control flow analysis
  • Binary patching
  • Debugging
  • Scripting with Python

ONLINE ANALYSIS TOOLS: CLOUD-BASED SCANNING