├── .gitignore
├── Deob_NOOPLDR.py
├── GobRAT-Analysis
│   ├── GobRAT_Client.go
│   ├── GobRAT_Server.go
│   ├── README.md
│   └── image
│       ├── demo1.gif
│       └── demo2.gif
├── LICENSE.txt
├── README.md
├── adwind_string_decoder.py
├── apt17scan.py
├── citadel_decryptor
│   ├── README.md
│   ├── citadel.py
│   └── citadel_decryptor.py
├── cobaltstrikescan.py
├── datper_elk.py
├── datper_splunk.py
├── emdivi_postdata_decoder.py
├── emdivi_string_decryptor.py
├── impfuzzy
│   └── README.md
├── parse_crossc2beacon_config.py
├── redleavesscan.py
├── tscookie_data_decode.py
├── tscookie_decode.py
└── wellmess_cookie_decode.py

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/.gitignore
--------------------------------------------------------------------------------
/Deob_NOOPLDR.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/Deob_NOOPLDR.py
--------------------------------------------------------------------------------
/GobRAT-Analysis/GobRAT_Client.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/GobRAT-Analysis/GobRAT_Client.go
--------------------------------------------------------------------------------
/GobRAT-Analysis/GobRAT_Server.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/GobRAT-Analysis/GobRAT_Server.go
--------------------------------------------------------------------------------
/GobRAT-Analysis/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/GobRAT-Analysis/README.md
--------------------------------------------------------------------------------
/GobRAT-Analysis/image/demo1.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/GobRAT-Analysis/image/demo1.gif
--------------------------------------------------------------------------------
/GobRAT-Analysis/image/demo2.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/GobRAT-Analysis/image/demo2.gif
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/LICENSE.txt
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/README.md
--------------------------------------------------------------------------------
/adwind_string_decoder.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/adwind_string_decoder.py
--------------------------------------------------------------------------------
/apt17scan.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/apt17scan.py
--------------------------------------------------------------------------------
/citadel_decryptor/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/citadel_decryptor/README.md
--------------------------------------------------------------------------------
/citadel_decryptor/citadel.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/citadel_decryptor/citadel.py
--------------------------------------------------------------------------------
/citadel_decryptor/citadel_decryptor.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/citadel_decryptor/citadel_decryptor.py
--------------------------------------------------------------------------------
/cobaltstrikescan.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/cobaltstrikescan.py
--------------------------------------------------------------------------------
/datper_elk.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/datper_elk.py
--------------------------------------------------------------------------------
/datper_splunk.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/datper_splunk.py
--------------------------------------------------------------------------------
/emdivi_postdata_decoder.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/emdivi_postdata_decoder.py
--------------------------------------------------------------------------------
/emdivi_string_decryptor.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/emdivi_string_decryptor.py
--------------------------------------------------------------------------------
/impfuzzy/README.md:
--------------------------------------------------------------------------------
1 | # This repository has been moved to:
2 | ## https://github.com/JPCERTCC/impfuzzy
3 |
--------------------------------------------------------------------------------
/parse_crossc2beacon_config.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/parse_crossc2beacon_config.py
--------------------------------------------------------------------------------
/redleavesscan.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/redleavesscan.py
--------------------------------------------------------------------------------
/tscookie_data_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/tscookie_data_decode.py
--------------------------------------------------------------------------------
/tscookie_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/tscookie_decode.py
--------------------------------------------------------------------------------
/wellmess_cookie_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JPCERTCC/aa-tools/HEAD/wellmess_cookie_decode.py
--------------------------------------------------------------------------------