CelesTLSH Updates: New CLI Tool and 52 Malware Families added!

I’ve released a new CLI tool written in Golang that requires 0 external dependencies, which calculates TLSH hashes, compares the distance, and can check them against the open hash set that is used. (If there’s interest from any subscribers, let me know and I can engineer it to also check against all malware families!)

I wrote about it here: Announcing CelesTLSH CLI: A Lightweight Tool for TLSH Hash Analysis

The CLI Tool Code: GitHub - Magonia-Research/CelesTLSH-CLI: A Go-based CLI tool for calculating TLSH hashes that's powered by the CelesTLSH Hash Database, comparing similarity between files, and matching against a database of known attack tools. Features include hash calculation, distance measurement, database downloading, and similarity matching with multiple output formats.

The FOSS Hash Set it currently uses: GitHub - Magonia-Research/CelesTLSH-Hashes: A repository of TLSH hashes of various attack tools found on GitHub

The latest update also adds a TON of new Malware Families :clinking_glasses: the full list can be found below:

  • SSHdKit
  • Kaiji
  • DarkCloud
  • StealeriumStealer
  • Hajime
  • CryptOne
  • Phorpiex
  • SkuldStealer
  • Worm.m0yv
  • XenoRAT
  • DarkVisionRAT
  • STRRAT
  • DarkTortilla
  • VIPKeylogger
  • 404Keylogger
  • WormLocker
  • VenomRAT
  • Neshta
  • GCleaner
  • WSHRAT
  • RustyStealer
  • RaspberryRobin
  • ValleyRAT
  • Latrodectus
  • PureLogStealer
  • PovertyStealer
  • Chaos
  • MeduzaStealer
  • AdFind
  • Emmenhtal
  • DarkComet
  • DBatLoader
  • XRed
  • NodeLoader
  • ACRStealer
  • AmosStealer
  • BlankGrabber
  • LegionLoader
  • RiseLoader
  • AurotunStealer
  • PythonStealer
  • SheetRAT
  • Wabot
  • Ryuk
  • BlackSuit
  • Lazarus
  • MintsLoader
  • DDosia
  • Kimsuky
  • Kuiper
  • PoseidonStealer
  • SysJoker

Just realized - this update brings us to 203 Malware Families/Attack tools being monitored and over 77,000 unique TLSH hashes :exploding_head:
