Scanner for Simple Indicators of Compromise - GitHub:

Features
- File Name IOC
- Yara Rule Check
- Hash check
- C2 Back Connect Check

Additional features
- Regin filesystem check (via --reginfs)
- Process anomaly check (based on Sysforensics)
- SWF decompressed scan (new since version v0.8)
- SAM dump check
- DoublePulsar check - tries to detect DoublePulsar backdoor on port 445/tcp and 3389/tcp
- PE-Sieve process check

Signature Base:

Spark Core


A library to load, manipulate, dump PE files.


Based on libpeconv. Scans a given process, searching for potentially malicious implants and patches within the process space.

PE Studio

Malware Initial Assessment