├── .DS_Store
├── CODE_OF_CONDUCT.md
├── FantasticRootkits
    ├── .DS_Store
    ├── DirectKernelObjectManipulation
    │   ├── .DS_Store
    │   ├── DirectKernelObjectManipulation.inf
    │   ├── DirectKernelObjectManipulation.vcxproj
    │   ├── DirectKernelObjectManipulation.vcxproj.filters
    │   ├── DirectKernelObjectManipulation.vcxproj.user
    │   └── DriverEntry.cpp
    ├── FantasticRootkits.sln
    ├── IdtHooking
    │   ├── .DS_Store
    │   ├── DriverEntry.cpp
    │   ├── IdtHooking.inf
    │   ├── IdtHooking.vcxproj
    │   ├── IdtHooking.vcxproj.filters
    │   ├── IdtHooking.vcxproj.user
    │   └── Trace.h
    ├── MsrHooking
    │   ├── .DS_Store
    │   ├── DriverEntry.cpp
    │   ├── MsrHooking.inf
    │   ├── MsrHooking.vcxproj
    │   ├── MsrHooking.vcxproj.filters
    │   ├── MsrHooking.vcxproj.user
    │   └── Trace.h
    ├── SsdtHooking
    │   ├── .DS_Store
    │   ├── DriverEntry.cpp
    │   ├── SsdtHooking.inf
    │   ├── SsdtHooking.vcxproj
    │   ├── SsdtHooking.vcxproj.filters
    │   └── Trace.h
    └── readme.md
├── FickerStealer
    ├── Ficker_Stealer.yar
    ├── Ficker_deobfuscator
    │   ├── README.md
    │   ├── ficker_ida.py
    │   └── ficker_usage.gif
    ├── IoCs.md
    └── README.md
├── KryptonStealer
    ├── README.md
    └── krypton_stealer.yar
├── LICENSE
├── MassJacker
    └── MassJacker CryptoWallets.md
├── MatanbuchusLoader
    ├── IoCs.md
    ├── Matanbuchus_initial_stage.yar
    ├── Matanbuchus_main_stage.yar
    └── README.md
├── OskiStealer
    ├── IoCs.pdf
    ├── Oski_Stealer.yara
    ├── Oski_deobfuscator
    │   ├── README.md
    │   ├── after_script.png
    │   ├── before_script.png
    │   ├── oski_ida.py
    │   └── oski_usage.gif
    └── README.md
├── README.md
├── RaccoonStealer
    ├── README.md
    └── raccoon_stealer.yar
└── SECURITY.md


/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/.DS_Store


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/CODE_OF_CONDUCT.md


--------------------------------------------------------------------------------
/FantasticRootkits/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/.DS_Store


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/.DS_Store


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.inf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.inf


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj.filters


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj.user:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/DirectKernelObjectManipulation.vcxproj.user


--------------------------------------------------------------------------------
/FantasticRootkits/DirectKernelObjectManipulation/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/DirectKernelObjectManipulation/DriverEntry.cpp


--------------------------------------------------------------------------------
/FantasticRootkits/FantasticRootkits.sln:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/FantasticRootkits.sln


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/.DS_Store


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/DriverEntry.cpp


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/IdtHooking.inf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/IdtHooking.inf


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/IdtHooking.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/IdtHooking.vcxproj


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/IdtHooking.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/IdtHooking.vcxproj.filters


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/IdtHooking.vcxproj.user:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/IdtHooking.vcxproj.user


--------------------------------------------------------------------------------
/FantasticRootkits/IdtHooking/Trace.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/IdtHooking/Trace.h


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/.DS_Store


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/DriverEntry.cpp


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/MsrHooking.inf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/MsrHooking.inf


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/MsrHooking.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/MsrHooking.vcxproj


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/MsrHooking.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/MsrHooking.vcxproj.filters


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/MsrHooking.vcxproj.user:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/MsrHooking.vcxproj.user


--------------------------------------------------------------------------------
/FantasticRootkits/MsrHooking/Trace.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/MsrHooking/Trace.h


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/.DS_Store


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/DriverEntry.cpp


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/SsdtHooking.inf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/SsdtHooking.inf


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/SsdtHooking.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/SsdtHooking.vcxproj


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/SsdtHooking.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/SsdtHooking.vcxproj.filters


--------------------------------------------------------------------------------
/FantasticRootkits/SsdtHooking/Trace.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/SsdtHooking/Trace.h


--------------------------------------------------------------------------------
/FantasticRootkits/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FantasticRootkits/readme.md


--------------------------------------------------------------------------------
/FickerStealer/Ficker_Stealer.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/Ficker_Stealer.yar


--------------------------------------------------------------------------------
/FickerStealer/Ficker_deobfuscator/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/Ficker_deobfuscator/README.md


--------------------------------------------------------------------------------
/FickerStealer/Ficker_deobfuscator/ficker_ida.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/Ficker_deobfuscator/ficker_ida.py


--------------------------------------------------------------------------------
/FickerStealer/Ficker_deobfuscator/ficker_usage.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/Ficker_deobfuscator/ficker_usage.gif


--------------------------------------------------------------------------------
/FickerStealer/IoCs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/IoCs.md


--------------------------------------------------------------------------------
/FickerStealer/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/FickerStealer/README.md


--------------------------------------------------------------------------------
/KryptonStealer/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/KryptonStealer/README.md


--------------------------------------------------------------------------------
/KryptonStealer/krypton_stealer.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/KryptonStealer/krypton_stealer.yar


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/LICENSE


--------------------------------------------------------------------------------
/MassJacker/MassJacker CryptoWallets.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/MassJacker/MassJacker CryptoWallets.md


--------------------------------------------------------------------------------
/MatanbuchusLoader/IoCs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/MatanbuchusLoader/IoCs.md


--------------------------------------------------------------------------------
/MatanbuchusLoader/Matanbuchus_initial_stage.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/MatanbuchusLoader/Matanbuchus_initial_stage.yar


--------------------------------------------------------------------------------
/MatanbuchusLoader/Matanbuchus_main_stage.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/MatanbuchusLoader/Matanbuchus_main_stage.yar


--------------------------------------------------------------------------------
/MatanbuchusLoader/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/MatanbuchusLoader/README.md


--------------------------------------------------------------------------------
/OskiStealer/IoCs.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/IoCs.pdf


--------------------------------------------------------------------------------
/OskiStealer/Oski_Stealer.yara:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_Stealer.yara


--------------------------------------------------------------------------------
/OskiStealer/Oski_deobfuscator/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_deobfuscator/README.md


--------------------------------------------------------------------------------
/OskiStealer/Oski_deobfuscator/after_script.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_deobfuscator/after_script.png


--------------------------------------------------------------------------------
/OskiStealer/Oski_deobfuscator/before_script.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_deobfuscator/before_script.png


--------------------------------------------------------------------------------
/OskiStealer/Oski_deobfuscator/oski_ida.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_deobfuscator/oski_ida.py


--------------------------------------------------------------------------------
/OskiStealer/Oski_deobfuscator/oski_usage.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/Oski_deobfuscator/oski_usage.gif


--------------------------------------------------------------------------------
/OskiStealer/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/OskiStealer/README.md


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/README.md


--------------------------------------------------------------------------------
/RaccoonStealer/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/RaccoonStealer/README.md


--------------------------------------------------------------------------------
/RaccoonStealer/raccoon_stealer.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/RaccoonStealer/raccoon_stealer.yar


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cyberark/malware-research/HEAD/SECURITY.md


--------------------------------------------------------------------------------