I hereby claim:
- I am te-k on github.
- I am tekkk (https://keybase.io/tekkk) on keybase.
- I have a public key ASAxurfjiAkDdpJOUYDFrvng5LRqFnBezupbp638b9Szawo
To claim this, I am signing this object:
Te-k
/ APT32_ActiveMime_Lure.yar
Created
May 15, 2017 14:50
APT32 ACtiveMime Lure yara rule by FireEye
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule APT32_ActiveMime_Lure { | |
| meta: | |
| filetype="MIME entity" | |
| author="Ian Ahl (@TekDefense) and Nick Carr (@ItsReallyNick)" | |
| date="2017-03-02" | |
| description="Developed to detect APT32 (OceanLotus group) phishing lures used to target FireEye customers in 2016 and 2017" | |
| strings: | |
| $a1= "office_text" wide ascii | |
| $a2= "schtasks /create /tn" wide ascii |
Te-k
/ flexispy_binaries.txt
Created
April 22, 2017 15:57
List of FlexiSpy binaries published by Flexidie
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| d46af65cb7bd12ce77b4d88bbdd4a005 5000_1.1.4.sisx https://www.virustotal.com/en/file/ce6bdf3374777757a36b8c3ad5e6cc8b6aced6f5083efdd286e6cb8f6837057f/analysis/ | |
| 39be87178c84d4afd07a80323a1d4b91 5002_2.24.3_green.APK https://www.virustotal.com/en/file/263219f185aa2a847bcb4ca981ec4a7c7eff8ded2d3b49d6fb2b4a578b43af60/analysis/ | |
| a5b589f4edac1aea9952d3faff261817 5002_-2.25.1_green.APK https://www.virustotal.com/en/file/2a1e5a7dafa54a23fe9050f1fdd1286d3bdfb75a80a90cafebfdbbc451f4f9a4/analysis/ | |
| 306adab7cfcb0d9a13956ca9e9dbd59a 5003_1.4.2.jad https://www.virustotal.com/en/file/cbd70044cdb54fcad29592a0c89d6b8aa9bf6af7fa825faa8447df134124dd5c/analysis/ | |
| eb295fe2e40f12014cdb05de07edcae2 5006_-1.0.12.exe https://www.virustotal.com/en/file/c134e6f40de54e2c5635ea2e25d7ea5b8c36528849c6ef7dd4d3b860af5fb521/analysis/ | |
| 8f6a42defdc8632c1baf961d7d9c3e5b 5006_1.0.13.exe https://www.virustotal.com/en/file/530c80602f72df99a4ed6c609db16f76d6260c984852c4a3f9a2dd03180b180b/analysis/ | |
| fa26d3c6fe253a35 |
Te-k
/ shadowbrokers-tools-process-names.txt
Last active
April 16, 2017 03:33
ShadowBrokers attack tool process names
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clocksvc.exe|*** PATROLWAGON ***|SAFE | |
| help16.exe|*** SOMETHING YOU UPLOADED??? ***|SAFE | |
| iexplorer.exe|*** UNITEDRAKE INSTALLER *** or RapidBlaster Virus|SAFE | |
| msalgmon.exe|*** VALIDATOR ***|SAFE | |
| mscache32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
| mscfg32.exe|*** UNITEDRAKE ***|SAFE | |
| msdnsche.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
| msmmc32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
| msntfs.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
| msregstr.exe|*** VALIDATOR ***|SAFE |
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 000stthk.exe|Toshiba Hotkey Configuration|NONE | |
| 007ssinstall.exe|007 Spy Software|NONE | |
| 00thotkey.exe|Toshiba Keyboard Helper|NONE | |
| 123downloadsuk[1].exe|123Mania Hijacker|NONE | |
| 12popup.exe|12Ghosts Popup-Killer|NONE | |
| 153.exe|??? Dialer.W32.153 ???|MALICIOUS_SOFTWARE | |
| 180sainstalleradperform.exe|180Solutions Zango|NONE | |
| 180sainstallernusac.exe|180SearchAssistant|NONE | |
| 1xconfig.exe|SCM MicroSystems Helper|NONE | |
| 2portalmon.exe|2wSysTray|NONE |
We can't make this file beautiful and searchable because it's too large.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nbf.sys|NetBEUI Frames Protocol Driver|ISO_HASH|233dfc9e9a807e557e18cb19a6a657875ab4072c|98176|20130424 | |
| 1394bus.sys|1394 Bus Device Driver|ISO_HASH|ed2ee2dbf59cbc45b66026c4513c7e46c44f9367|49536|20130424 | |
| 1394vdbg.sys|1394 Virtual Host Debugger Driver|ISO_HASH|107a8aad1760241b990a20050caa21cdcb2da1e8|11264|20130424 | |
| abp480n5.sys|AdvanSys SCSI Controller Driver|ISO_HASH|66d302025842f2268a867fc9a86b5bbcf0de5bab|23552|20130424 | |
| acpi.sys|ACPI Driver for NT|ISO_HASH|8a1c625c938d6f1a1c6a36a6268f7ca208427a05|179200|20130424 | |
| acpiec.sys|ACPI Embedded Controller Driver|ISO_HASH|f27a1ee007eb29db95bebeeb16f76322e2cdfdce|11648|20130424 | |
| adpu160m.sys|Adaptec Ultra160 SCSI miniport|ISO_HASH|53164fdfab5a0c0dd564d362c9da005f41e0bcc0|101888|20130424 | |
| advapi32.dll|Advanced Windows 32 Base API|ISO_HASH|19ab07a2bee6bbeaf71fa8a4376809bd4ee879db|549888|20130424 | |
| afd.sys|Ancillary Function Driver for WinSock|ISO_HASH|9263047bf35de34842e2438cbf80c30ace8c2936|130688|20130424 | |
| aha154x.sys|Adaptec AHA-154x series SCSI miniport|ISO_HASH|038e5cb |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1996-07-17 14:17:04 - ./Resources/LegacyWindowsExploits/Resources/Tools/COMPRESS.EXE | |
| 1998-01-03 14:17:13 - ./Resources/LegacyWindowsExploits/Resources/Tools/nc.exe | |
| 1998-07-12 21:59:28 - ./Resources/LegacyWindowsExploits/Resources/Tools/REG.EXE | |
| 1998-11-09 15:11:07 - ./Resources/LegacyWindowsExploits/Resources/Tools/DUMPEL.EXE | |
| 1999-09-25 06:59:23 - ./Resources/LegacyWindowsExploits/Resources/Tools/sc.exe | |
| 1999-10-29 13:56:03 - ./Resources/LegacyWindowsExploits/Resources/Tools/ClrSecLog.exe | |
| 2000-05-16 11:27:32 - ./Resources/LegacyWindowsExploits/Resources/Tools/MakeDebugScript2.exe | |
| 2000-09-19 17:44:14 - ./Resources/LegacyWindowsExploits/Resources/Tools/simrpc.exe | |
| 2000-10-03 17:01:55 - ./Resources/Ep/clocksvc.exe | |
| 2001-09-25 11:52:45 - ./Resources/LegacyWindowsExploits/Resources/Tools/xxxRIDEAREA.exe |
Te-k
/ keybase.md
Created
August 2, 2016 22:54
Te-k
/ lqdnrp_capture.py
Last active
May 11, 2016 19:56
Convert picture to 200 px width and upload it to lut.im for LQDN Press Review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/python2 | |
| import sys | |
| import requests | |
| import tempfile | |
| from PIL import Image | |
| def resize(source_path, dest_path): | |
| """Resize the image from the source path to the dest""" | |
| png = Image.open(source_path) | |
| width = png.size[0] |
NewerOlder