Tools

Python script to extract the configuration from NETWIRE samples.

Python script to extract the configuration from ICEDID samples.

Python script to extract the configuration from EMOTET samples.

Python script to extract the payload from PARALLAX samples.

Python script to extract the configuration from QBOT samples.

Python script to extract the configuration and payload from BLISTER samples.

Configuration extractor to dump out hardcoded passwords with BPFDoor.

Python script to identify hosts infected with the BPFDoor malware.

Python script that collects Cobalt Strike memory data generated by security events from an Elasticsearch cluster, extracts the configuration from the CS beacon, and writes the data back to Elasticsearch.