Showing posts with the label Decoding

Python-Iocextract - Advanced Indicator Of Compromise (Ioc) Extractor

Advanced Indicator of Compromise (IOC) extractor.

Overview

This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them.

The Problem

It is common practice for malware analysts or endpoint software to "defang" IOCs such as URLs and IP addresses, in order to prevent accidental exposure to live malicious content. Being able to extract and aggregate these IOCs is often valuable for analysts. Unfortunately, existing "IOC extraction" tools often pass right by them, as they are not caught by standard regex. For example, the simple defanging technique of surrounding periods with brackets: 127[.]0[.]0[.]1 Existing tools that use a simple IP address regex will ignore ...