elastic/malware-exquacker-modules


Malware Exquacker Extraction Modules

NOTE: This repo is intended to be used as part of an Elastic malware-exquacker pipeline. See the main repo at: https://github.com/elastic/malware-exquacker

Extracts Malware Configurations using Malduck

This is a fork of the upstream work located here: https://github.com/c3rb3ru5d3d53c/mwcfg-modules. You can use these modules in the same way, either with mwcfg (the Malduck-based CLI utility) or with the Elastic tool malware-exquacker. Elastic Security researchers publish extractors for malware families that we've developed internally and make them available to the community as-is. The modules inherited from the upstream repo have been modified so that their output matches the Elastic Common Schema (ECS).
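As an added illustration, not code from this repository, from the upstream modules or from Malduck, the following shows one way a pipeline consumer might reshape a raw extractor result (a plain dict of family, C2 list and extra keys) into ECS-style `threat.*` documents. The field mapping, the `malware_config` custom namespace, the family name and the C2 values are all constructed assumptions for the example; the real modules' ECS mapping is whatever the code in this repo emits.

```python
"""Reshape a raw malware-config dict into ECS-shaped threat.* documents.

Illustrative example only: the mapping below is an assumption, not this
project's own ECS output. The sample config and C2 values are constructed.
"""
import ipaddress
from typing import Any, Dict, List
from urllib.parse import urlparse

# Constructed sample of what a config extractor might return for a loader.
SAMPLE_CONFIG: Dict[str, Any] = {
    "family": "examplefamily",  # hypothetical family name
    "c2": [
        "10.0.0.5:443",
        "https://cdn.example.invalid/gate.php",
        "mail.example.invalid",
    ],
    "campaign_id": "abc123",
}


def classify_c2(raw: str) -> Dict[str, Any]:
    """Turn one C2 string into an ECS threat.indicator object.

    Distinguishes full URLs, IPv4/IPv6 addresses (optionally "host:port" for
    IPv4) and bare domain names. Bracketed IPv6 "[addr]:port" is not handled.
    """
    if "://" in raw:
        parsed = urlparse(raw)
        ind: Dict[str, Any] = {
            "type": "url",
            "url": {"full": raw, "scheme": parsed.scheme, "domain": parsed.hostname},
        }
        if parsed.port is not None:
            ind["port"] = parsed.port
        return ind

    host, port = raw, None
    if raw.count(":") == 1:  # "host:port" (a single colon rules out IPv6)
        host, port_str = raw.split(":")
        port = int(port_str) if port_str.isdigit() else None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        ind = {"type": "domain-name", "url": {"domain": host}}
    else:
        ind = {"type": f"ipv{addr.version}-addr", "ip": str(addr)}
    if port is not None:
        ind["port"] = port
    return ind


def to_ecs(config: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Emit one ECS-shaped document per C2 indicator in the config.

    Keys that have no ECS equivalent are kept under a custom
    `malware_config` namespace (an assumption for this example).
    """
    software = {"name": config["family"], "type": "Malware"}
    extras = {k: v for k, v in config.items() if k not in ("family", "c2")}
    docs = []
    for raw in config.get("c2", []):
        docs.append({
            "threat": {"software": dict(software), "indicator": classify_c2(raw)},
            "malware_config": dict(extras),
        })
    return docs


def flatten(doc: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Flatten a nested document into dotted ECS field names."""
    out: Dict[str, Any] = {}
    for key, value in doc.items():
        full = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, full + "."))
        else:
            out[full] = value
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(to_ecs(SAMPLE_CONFIG), indent=2))
```

Running the module prints three documents, one per C2 entry, so that each indicator can be queried on its own (`threat.indicator.ip`, `threat.indicator.url.full`) while `threat.software.name` ties them back to the family.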

Supported Modules:

  • ✔️ ASyncRAT
  • ✔️ Azorult
  • ✔️ Citadel
  • ✔️ Cobalt Strike
  • ✔️ Dridex
  • ✔️ Hancitor
  • ✔️ IcedID
    • ✔️ PhotoLoader
    • ✔️ PELoader
    • ✔️ Process Implant Memory
  • ✔️ Phoreal
  • ✔️ ZLoader
