InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.
https://inquest.readthedocs.io/projects/iocextract/
GNU General Public License v2.0

Binary Extraction #46

Closed imidoriya closed 1 year ago

imidoriya commented 3 years ago

Looking at how I might use something like this to pull indicators directly from malware binaries. Wondering if something like this could essentially run strings and extract IOCs. Would also be nice to use this as a Python library.

pedramamini commented 1 year ago

@imidoriya apologies for the suuuuper long delay in response. We've got the appropriate resources now to breathe some fresh life into our open-source efforts. Regarding your use case, you should be able to simply feed the binary contents through iocextract, be it programmatic or CLI. For example, consider this malware:

https://www.virustotal.com/gui/file/0a656baa4ca55df0c78dcc20151a223089da31e836bb8cd586969e2281cf9fbf

$ cat 0a656baa4ca55df0c78dcc20151a223089da31e836bb8cd586969e2281cf9fbf | iocextract
http://ukrsupport.info/ctrl/register.phpctrl/get_cmd.php?hdd=ctrl/result.phpctrl/file.php?hdd=TEMPCOMSPEC\hdd.txt

Let us know if that doesn't address your use case and we'll re-open this issue. Perhaps we added the feature in the 2 years since you first opened this bug ;-)
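The glued URL in the output above is what a URL pattern yields when it runs across NUL bytes, since NUL is not whitespace and so does not end a match; a strings-style pass first (printable ASCII runs plus UTF-16LE runs, which a byte-level scan of a Windows binary otherwise misses) gives clean indicators that can then be handed to iocextract or any other extractor. The following is an added example, not iocextract's own code; the sample bytes, the example.invalid domains and the small refang helper are constructed for illustration.

```python
import re
from typing import List

# Constructed sample standing in for a slice of a malware binary: NUL-separated
# ASCII strings laid out like the glued output above, one UTF-16LE string, junk bytes.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    b"http://example.invalid/ctrl/register.php\x00"
    b"ctrl/get_cmd.php?hdd=\x00"
    b"ctrl/result.php\x00"
    b"\x01\x02\x7f"
    + "hxxps://c2[.]example[.]invalid/update".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
)

# Matches http/https and the common hxxp/hxxps defanging. It stops only at
# whitespace, so NUL and other control bytes do not terminate a match.
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.IGNORECASE)


def strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs and UTF-16LE runs, roughly `strings -a` plus `strings -el`."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return [s.decode("ascii") for s in narrow] + [s.decode("utf-16-le") for s in wide]


def refang(url: str) -> str:
    """Undo the defanging used in the constructed sample (hxxp -> http, [.] -> .)."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")


def urls_from_raw(data: bytes) -> List[str]:
    """Naive approach: run the URL regex straight over the bytes (latin-1 keeps 1 byte = 1 char).
    Adjacent NUL-separated strings are glued into one oversized 'URL'."""
    return URL_RE.findall(data.decode("latin-1"))


def urls_from_strings(data: bytes) -> List[str]:
    """strings-first approach: split on non-printable bytes, then match and refang each run."""
    found = []
    for s in strings(data):
        found.extend(refang(u) for u in URL_RE.findall(s))
    return found


if __name__ == "__main__":
    print("raw    :", urls_from_raw(SAMPLE))
    print("strings:", urls_from_strings(SAMPLE))
```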