How does it handle the safe sharing of malicious URLs and IPs?

The skill includes a dedicated defanging step that modifies indicators (e.g., hxxp:// or [.] ) to prevent accidental clicking or activation during report sharing.

Can this skill analyze network traffic for indicators?

Yes, it includes workflows using tshark to extract DNS queries, HTTP hosts, TLS server names (SNI), and JA3 fingerprints from PCAP files.

What types of file hashes can this skill generate?

The skill generates standard MD5, SHA-1, and SHA-256 hashes, as well as forensic-specific hashes like imphash for PE files and ssdeep for fuzzy matching.

Does it support standardized threat intelligence formats?

Yes, it provides automated scripts to export extracted indicators into STIX 2.1 bundles and CSV formats for SIEM and firewall ingestion.

Malware IOC Extractor

Name: Malware IOC Extractor
Author: mukul975

bymukul975

•

4,120

•

보안 및 테스팅

Extracts and validates indicators of compromise (IOCs) from malware samples to generate actionable threat intelligence.

The Malware IOC Extractor skill enables automated harvesting of forensic artifacts from malicious software, including file hashes, network indicators, and host-based artifacts. By providing structured workflows for static analysis, PCAP parsing, and sandbox report interpretation, this skill helps security researchers and incident responders quickly generate blocklists and threat intelligence packages. It includes built-in support for defanging indicators to ensure safe sharing and supports standardized export formats like STIX and MISP to streamline defensive operations and detection rule creation.

주요 기능

014,120 GitHub stars

02Network indicator extraction from binary strings and PCAP network captures

03Comprehensive file hashing including MD5, SHA-256, Imphash, and ssdeep

04Automated IOC validation and enrichment using the VirusTotal API

05Host-based artifact identification for registry keys, mutexes, and file paths

06Standardized data export in STIX 2.1, MISP, and CSV formats

사용 사례

01Contributing structured threat data to intelligence sharing platforms like MISP

02Creating YARA rules and SIEM detection content from host and network artifacts

03Generating firewall and proxy blocklists from analyzed malware samples

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills extracting-iocs-from-malware-samples

For use in Claude.ai and ChatGPT

주요 기능

014,120 GitHub stars

02Network indicator extraction from binary strings and PCAP network captures

03Comprehensive file hashing including MD5, SHA-256, Imphash, and ssdeep

04Automated IOC validation and enrichment using the VirusTotal API

05Host-based artifact identification for registry keys, mutexes, and file paths

06Standardized data export in STIX 2.1, MISP, and CSV formats

사용 사례

01Contributing structured threat data to intelligence sharing platforms like MISP

02Creating YARA rules and SIEM detection content from host and network artifacts

03Generating firewall and proxy blocklists from analyzed malware samples

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills extracting-iocs-from-malware-samples

For use in Claude.ai and ChatGPT