~alienagain/curious_butterfly

a Raku-based alternative to YARA for looking for malware genes across several samples

8ff13b3 deleted an image

a day ago

5fc85ca I fixed the regex that wasn't working

a day ago

# Malware analysis with curious butterfly

# How does it work

The idea is to take advantage of Raku grammars to look for structures that statically look like malware (similar to a YARA rule, with conditions and regexes over strings, libraries and structures found while reversing). Since the tool is written in Raku, it needs Rakudo to work:

apt install rakudo

which is the Raku compiler. The main script is cubu:

chmod u+x cubu
./cubu

A pop-up will appear. The example provided is Sparkling Goblin, a threat actor. The .raku script is based on strings found inside malware samples attributed to Sparkling Goblin. Once you enter the folder (samples in this case) and the threat name (sparkling_goblin in this case), the matches found are written to a file named results_<threat name>, in this case results_sparkling_goblin.
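As an added illustration (not the project's own cubu or .raku script), the following Raku script shows the YARA-like shape described above: a rule made of named string regexes plus a "how many must match" condition, applied to every file in a folder, with the matches written to results_<threat name>. The rule name, the indicator strings and the command-line arguments (used here instead of the tool's pop-up) are constructed placeholders, not real Sparkling Goblin indicators.

```raku
#!/usr/bin/env raku
# Added example, not code from curious_butterfly: a minimal YARA-style rule in Raku.
# The indicator strings below are constructed placeholders, not real threat-actor IoCs.

# A rule is a set of named string regexes plus a condition on how many of them
# must be present in one sample (the equivalent of YARA's "2 of them").
my %rule =
    name      => 'example_threat',
    strings   => %(
        s1 => rx:i/ 'CreateRemoteThread' /,
        s2 => rx/ 'VirtualAllocEx' /,
        s3 => rx/ 'DummyMutex_' \d ** 4 /,
    ),
    condition => 2;

# Scan one sample and return a hash of indicator id => number of occurrences.
sub scan-file(IO::Path $path, %rule) {
    # latin-1 maps every byte to exactly one character, so binary samples never
    # raise a UTF-8 decoding error and the regexes run over the raw content.
    my $data = $path.slurp(:enc<latin-1>);
    my %hits;
    for %rule<strings>.kv -> $id, $re {
        my @m = $data.match($re, :g);
        %hits{$id} = @m.elems if @m;
    }
    return %hits;
}

# Usage: ./scan.raku <folder> <threat name>   (cubu asks for these via a pop-up)
sub MAIN(Str $folder, Str $threat) {
    my $out = "results_$threat".IO;
    my @lines;
    for $folder.IO.dir.grep(*.f).sort -> $sample {
        my %hits = scan-file($sample, %rule);
        # Apply the rule condition: enough distinct indicators must be present.
        next unless %hits.elems >= %rule<condition>;
        my $detail = %hits.sort.map({ "{.key} x{.value}" }).join(', ');
        @lines.push: "$sample: $detail";
    }
    $out.spurt(@lines.join("\n") ~ "\n");
    say "{@lines.elems} matching sample(s) written to $out";
}
```

Each line of the results file names one sample that satisfied the condition and lists which indicators hit and how many times, which is the per-sample evidence an analyst needs before attributing anything.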