Explore the technical implementation of the Detonate system, including sandbox creation, the supporting technology, telemetry collection, and how to blow stuff up.
Unpacking ICEDID
ICEDID is known to pack its payloads using custom file formats and a custom encryption scheme. We are releasing a set of tools to automate the unpacking process and help analysts and the community respond to ICEDID.
Click, Click… Boom! Automating Protections Testing with Detonate
To automate this process and test our protections at scale, we built Detonate, a system that our security research engineers use to measure the efficacy of the Elastic Security solution automatically.
NETWIRE Configuration Extractor
Python script to extract the configuration from NETWIRE samples.
ICEDID Configuration Extractor
Python script to extract the configuration from ICEDID samples.
EMOTET Configuration Extractor
Python script to extract the configuration from EMOTET samples.
PARALLAX Payload Extractor
Python script to extract the payload from PARALLAX samples.
QBOT Configuration Extractor
Python script to extract the configuration from QBOT samples.
BLISTER Configuration Extractor
Python script to extract the configuration and payload from BLISTER samples.