Extracting IOCs from Malware Samples
When to Use
- A malware analysis (static or dynamic) is complete and actionable indicators need to be extracted for defense teams
- Building blocklists for firewalls, proxies, and DNS sinkholes from analyzed samples
- Creating YARA rules, Snort/Suricata signatures, or SIEM detection content from malware artifacts
- Contributing to threat intelligence sharing platforms (MISP, OTX, ThreatConnect)
- Tracking malware campaigns by correlating IOCs across multiple samples
Do not use for IOCs from unverified sources without validation; false positives in blocklists can disrupt legitimate business operations.
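As an added example (not part of this skill or its tooling), a small Python extractor that applies the validation this note calls for: it refangs analyst-style indicators, then drops internal IP ranges, file names that merely look like domains, and allowlisted vendor domains before anything reaches a blocklist. The sample strings, allowlist and file-extension set are constructed placeholders, and the validation rules are assumptions to tune per environment.

```python
import ipaddress
import re
from urllib.parse import urlparse
# Constructed "strings" output from an analyzed sample; every value is a placeholder
# (RFC 5737 documentation IP, invented domain, dummy hash), not a real IOC.
SAMPLE_STRINGS = """
Host: cdn-update[.]bad-example[.]net
hxxps://198[.]51[.]100[.]23:8080/gate.php
C:\\Windows\\System32\\kernel32.dll
https://www.microsoft.com/download
beacon to 10.0.0.5 every 60s
0123456789abcdef0123456789abcdef
"""
ALLOW_DOMAINS = {"microsoft.com", "windowsupdate.com"}  # assumed benign: never block
FILE_EXTS = {"dll", "exe", "sys", "dat", "php", "txt"}  # look like TLDs to a regex
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (  # internal ranges: not blocklist material
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
RE_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RE_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
RE_URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
RE_MD5 = re.compile(r"\b[a-f0-9]{32}\b", re.I)

def refang(text):
    """Undo analyst defanging (hxxp, [.]) so the regexes see the real indicator."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def is_routable(ip):
    # Reject malformed (999.1.1.1) and internal (10.0.0.5) addresses.
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE)

def is_allowlisted(domain):
    d = domain.lower()
    if d.rsplit(".", 1)[-1] in FILE_EXTS:
        return True  # kernel32.dll is a file name, not a host
    return any(d == a or d.endswith("." + a) for a in ALLOW_DOMAINS)

def host_ok(host):
    return bool(host) and (is_routable(host) if RE_IPV4.fullmatch(host) else not is_allowlisted(host))

def extract_iocs(raw):
    """Extract candidates, then keep only validated, blocklist-worthy values."""
    text = refang(raw)
    return {
        "ipv4": sorted({ip for ip in RE_IPV4.findall(text) if is_routable(ip)}),
        "domain": sorted({d.lower() for d in RE_DOMAIN.findall(text) if not is_allowlisted(d)}),
        "url": sorted({u for u in RE_URL.findall(text) if host_ok(urlparse(u).hostname or "")}),
        "md5": sorted({h.lower() for h in RE_MD5.findall(text)}),
    }
```

Running `extract_iocs(SAMPLE_STRINGS)` keeps only the documentation IP, the invented domain, the C2-style URL and the hash; the private IP, the DLL name and the Microsoft URL are all discarded as false positives.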