├── .gitattributes ├── .gitignore ├── CHANGELOG.MD ├── LICENSE.md ├── NOTICE.txt ├── README.md ├── nightMARE ├── __init__.py ├── analysis │ ├── __init__.py │ ├── emulation.py │ └── reversing.py ├── core │ ├── __init__.py │ ├── bits.py │ ├── cast.py │ ├── compression │ │ ├── __init__.py │ │ └── lznt1.py │ ├── regex.py │ └── utils.py └── malware │ ├── __init__.py │ ├── blister │ ├── __init__.py │ ├── configuration.py │ └── crypto.py │ ├── deprecated │ ├── __init__.py │ └── icedid │ │ ├── __init__.py │ │ ├── common.py │ │ ├── compression.py │ │ ├── configuration.py │ │ ├── core.py │ │ ├── crypto.py │ │ ├── custom_pe.py │ │ ├── fake_gzip.py │ │ └── windows.py │ ├── ghostpulse │ ├── __init__.py │ ├── payload_common.py │ ├── payload_idat.py │ └── payload_pixels.py │ ├── latrodectus │ ├── __init__.py │ ├── old │ │ ├── __init__.py │ │ └── crypto.py │ └── v1_9 │ │ ├── __init__.py │ │ ├── configuration.py │ │ └── crypto.py │ ├── lobshot │ ├── __init__.py │ ├── configuration.py │ └── crypto.py │ ├── lumma │ ├── __init__.py │ └── configuration.py │ ├── netwire │ ├── __init__.py │ └── configuration.py │ ├── redlinestealer │ ├── __init__.py │ └── configuration.py │ ├── remcos │ ├── __init__.py │ ├── c2.py │ ├── configuration.py │ └── struct.py │ ├── smokeloader │ ├── __init__.py │ └── configuration.py │ ├── stealc │ ├── __init__.py │ ├── configuration.py │ └── crypto.py │ ├── strelastealer │ ├── __init__.py │ └── payload.py │ ├── warmcookie │ ├── __init__.py │ └── configuration.py │ └── xorddos │ ├── __init__.py │ └── configuration.py ├── pyproject.toml └── tests └── test_malware.py /.gitattributes: -------------------------------------------------------------------------------- 1 | * -text 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/.gitignore -------------------------------------------------------------------------------- /CHANGELOG.MD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/CHANGELOG.MD -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/LICENSE.md -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/NOTICE.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/README.md -------------------------------------------------------------------------------- /nightMARE/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/__init__.py -------------------------------------------------------------------------------- /nightMARE/analysis/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/analysis/__init__.py -------------------------------------------------------------------------------- /nightMARE/analysis/emulation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/analysis/emulation.py -------------------------------------------------------------------------------- /nightMARE/analysis/reversing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/analysis/reversing.py -------------------------------------------------------------------------------- /nightMARE/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/__init__.py -------------------------------------------------------------------------------- /nightMARE/core/bits.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/bits.py -------------------------------------------------------------------------------- /nightMARE/core/cast.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/cast.py -------------------------------------------------------------------------------- /nightMARE/core/compression/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/compression/__init__.py -------------------------------------------------------------------------------- /nightMARE/core/compression/lznt1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/compression/lznt1.py -------------------------------------------------------------------------------- /nightMARE/core/regex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/regex.py -------------------------------------------------------------------------------- /nightMARE/core/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/core/utils.py -------------------------------------------------------------------------------- /nightMARE/malware/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/blister/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/blister/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/blister/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/blister/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/blister/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/blister/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/common.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/compression.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/compression.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/core.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/custom_pe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/custom_pe.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/fake_gzip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/fake_gzip.py -------------------------------------------------------------------------------- /nightMARE/malware/deprecated/icedid/windows.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/deprecated/icedid/windows.py -------------------------------------------------------------------------------- /nightMARE/malware/ghostpulse/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/ghostpulse/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/ghostpulse/payload_common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/ghostpulse/payload_common.py -------------------------------------------------------------------------------- /nightMARE/malware/ghostpulse/payload_idat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/ghostpulse/payload_idat.py -------------------------------------------------------------------------------- /nightMARE/malware/ghostpulse/payload_pixels.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/ghostpulse/payload_pixels.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/old/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/old/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/old/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/old/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/v1_9/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/v1_9/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/v1_9/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/v1_9/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/latrodectus/v1_9/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/latrodectus/v1_9/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/lobshot/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/lobshot/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/lobshot/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/lobshot/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/lobshot/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/lobshot/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/lumma/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/lumma/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/lumma/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/lumma/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/netwire/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/netwire/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/netwire/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/netwire/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/redlinestealer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/redlinestealer/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/redlinestealer/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/redlinestealer/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/remcos/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/remcos/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/remcos/c2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/remcos/c2.py -------------------------------------------------------------------------------- /nightMARE/malware/remcos/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/remcos/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/remcos/struct.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/remcos/struct.py -------------------------------------------------------------------------------- /nightMARE/malware/smokeloader/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/smokeloader/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/smokeloader/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/smokeloader/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/stealc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/stealc/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/stealc/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/stealc/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/stealc/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/stealc/crypto.py -------------------------------------------------------------------------------- /nightMARE/malware/strelastealer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/strelastealer/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/strelastealer/payload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/strelastealer/payload.py -------------------------------------------------------------------------------- /nightMARE/malware/warmcookie/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/warmcookie/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/warmcookie/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/warmcookie/configuration.py -------------------------------------------------------------------------------- /nightMARE/malware/xorddos/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/xorddos/__init__.py -------------------------------------------------------------------------------- /nightMARE/malware/xorddos/configuration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/nightMARE/malware/xorddos/configuration.py -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/pyproject.toml -------------------------------------------------------------------------------- /tests/test_malware.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/elastic/nightMARE/HEAD/tests/test_malware.py --------------------------------------------------------------------------------