extracting-iocs-from-malware-samples


Extracting IOCs from Malware Samples

When to Use

  • A malware analysis (static or dynamic) is complete and actionable indicators need to be extracted for defense teams
  • Building blocklists for firewalls, proxies, and DNS sinkholes from analyzed samples
  • Creating YARA rules, Snort/Suricata signatures, or SIEM detection content from malware artifacts
  • Contributing to threat intelligence sharing platforms (MISP, OTX, ThreatConnect)
  • Tracking malware campaigns by correlating IOCs across multiple samples

Do not use this for IOCs from unverified sources without validating them first; false positives in blocklists can disrupt legitimate business operations.

Prerequisites

Installs: 43 | GitHub Stars: 24.2K | First Seen: Mar 15, 2026
extracting-iocs-from-malware-samples — mukul975/anthropic-cybersecurity-skills