On linux machine for Hash-Parser and Munin part git is necessary.
Debian
apt install git
Arch-linux
pacman -S git
- Linux
git clone --recurse-submodules https://github.com/Oni-kuki/IOC_Grabber
- Windows
However for the fileIOC_Grabber.ps1it's possible that you are obliged to work in Offline in an optics of Forensic so you can obviously use other way to make it available on your machine.
Otherwise you can also installgiton Windows.
you can easily do this with thechocolateypackage manager
https://chocolatey.org/
You can also use the compiled file provided
Just a small module to get all interesting IOC's on Windows
and analyze the hashes of different file types like .exe, .sys, .dll to compare them with different API's from :
Virustotal, HybridAnalysis, Any.Run, URLhaus, MISP, CAPE, Malshare, Valhalla, Hashlookup.
(For some tools it's just a matter of checking the URL, of course).
https://github.com/Oni-kuki/IOC_Grabber/blob/main/IOC_Grabber.ps1
- Be careful to have as many indicators as possible run the script with administrator rights
./IOC_Grabber.ps1
For hash analysis, I wrote a small tool, to extract the md5, Sha1 and Sha256 hashes from any file type.
https://github.com/Oni-kuki/Hash-Parser
./Hash-Parser.sh <filename>
For queries to different hash comparators
I just forked the Munin tool that can be found here: https://github.com/Neo23x0/munin
I salute Neo23x0 and the other contributors of this tool, you did a great job, thanks for that !
To use it, you just have to use the munin.py script by specifying the file name of the hashes you have previously generated
Attention, it may be necessary to install the different prerequisites of the munin tool, so for that you have to run the command :
pip3 install -r requirements
in the munin folder where the requirements file is located.
https://github.com/Oni-kuki/munin
./munin.py <Hashes_filename>