There are many different kinds of malware, but most of them have one thing in common: they want to gain persistence on the station.
As part of the IR team, I understood that no matter what kind of malware the organization falls to, there will always be a need to check an enormous number of PCs and make sure they are clean. It can be a bit annoying and time-consuming to check every IOC one by one on many PCs, so I wrote a little tool to help me and everyone else do it easily.
The tool is written in C#, and you can download it from here.
The better way to use it is to put the tool, together with the updated config file, on the write-blocker and just run it on the PC. There are also some security systems that can run whatever you decide on a PC.
I hope it’s going to be helpful for you!


