Ontu 0ntu
0ntu
/ quarry_proxy.py
Last active
March 3, 2026 02:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from twisted.internet import reactor | |
| from quarry.net.proxy import DownstreamFactory, Bridge | |
| def truncate(data, length=30): | |
| return data[:length] + "..." if len(data) > length else data | |
| ignore = [] | |
| class HackProxy(Bridge): | |
| def packet_unhandled(self, buff, direction, name): |
0ntu
/ sample2.yara
Last active
March 28, 2025 22:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "pe" | |
| rule sample2_exe_infostealer { | |
| meta: | |
| malware = "sample2.exe: Raccoon Infostealer" | |
| author = "Nathan Padriga" | |
| creation_date = "2025-03-28" | |
| version = "1.0" | |
| strings: |