Tools

ICEDID is known to pack its payloads using custom file formats and a custom encryption scheme. We are releasing a set of tools to automate the unpacking process and help analysts and the community respond to ICEDID.

To automate this process and test our protections at scale, we built Detonate, a system that is used by security research engineers to measure the efficacy of our Elastic Security solution in an automated fashion.

Python script to extract the configuration from NETWIRE samples.

Python script to extract the configuration from ICEDID samples.

Python script to extract the configuration from EMOTET samples.

Python script to extract the payload from PARALLAX samples.

Python script to extract the configuration from QBOT samples.

Python script to extract the configuration and payload from BLISTER samples.