Pinned Repositories
icedID
icedID Campaign
aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
Cl0p-ELF-Decryptor
Python3 script which decrypts files encrypted by a flawed Cl0p ELF variant.
Crypt1_IOCs
Massive unpacking of CryptOne samples
enumerate-macos-loginitems
Xcode Playground that returns a list of all installed applications for a user that use the SMLoginItem API
macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
meteor-express
Hashes and Yara hunting rules for MeteorExpress Wiper
Shadowpad
Technical Indicators for SentinelLabs ShadowPad research
XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
phil-s1's Repositories
phil-s1/icedID
icedID Campaign