Directory structure:
├── License.md
├── README.md
├── dridex
│   ├── decode.py
│   └── requirements.txt
├── emotet
│   ├── ba758c64519be23b5abe7991b71cdcece30525f14e225f2fa07bbffdf406e539.i64
│   └── resolve_function.py
├── gootloader
│   ├── decode.py
│   ├── decode_webredraw.py
│   └── js_downloader_gootloader.yar
├── hancitor
│   ├── requirements.txt
│   └── unpacker.py
├── raspberryrobin
│   ├── extract_wsf_script.py
│   ├── patch_wsf.py
│   └── wsf_loader_raspberryrobin.yar
├── ratdispenser
│   ├── decode.py
│   ├── ratdispenser.yar
│   └── requirements.txt
└── xll
    ├── xlcall32_baza.yar
    ├── xlcall32_icedid.yar
    ├── xll_baza_extractor.py
    ├── xll_custom_builder.yar
    └── xll_icedid_extractor.py

--------------------------------------------------------------------------------
/License.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/License.md

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/README.md

--------------------------------------------------------------------------------
/dridex/decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/dridex/decode.py

--------------------------------------------------------------------------------
/dridex/requirements.txt:
--------------------------------------------------------------------------------
openpyxl==3.0.5
urllib3==1.26.1

--------------------------------------------------------------------------------
/emotet/ba758c64519be23b5abe7991b71cdcece30525f14e225f2fa07bbffdf406e539.i64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/emotet/ba758c64519be23b5abe7991b71cdcece30525f14e225f2fa07bbffdf406e539.i64

--------------------------------------------------------------------------------
/emotet/resolve_function.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/emotet/resolve_function.py

--------------------------------------------------------------------------------
/gootloader/decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/gootloader/decode.py

--------------------------------------------------------------------------------
/gootloader/decode_webredraw.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/gootloader/decode_webredraw.py

--------------------------------------------------------------------------------
/gootloader/js_downloader_gootloader.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/gootloader/js_downloader_gootloader.yar

--------------------------------------------------------------------------------
/hancitor/requirements.txt:
--------------------------------------------------------------------------------
pefile == 2019.4.18
wincrypto == 0.3

--------------------------------------------------------------------------------
/hancitor/unpacker.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/hancitor/unpacker.py

--------------------------------------------------------------------------------
/raspberryrobin/extract_wsf_script.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/raspberryrobin/extract_wsf_script.py

--------------------------------------------------------------------------------
/raspberryrobin/patch_wsf.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/raspberryrobin/patch_wsf.py

--------------------------------------------------------------------------------
/raspberryrobin/wsf_loader_raspberryrobin.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/raspberryrobin/wsf_loader_raspberryrobin.yar

--------------------------------------------------------------------------------
/ratdispenser/decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/ratdispenser/decode.py

--------------------------------------------------------------------------------
/ratdispenser/ratdispenser.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/ratdispenser/ratdispenser.yar

--------------------------------------------------------------------------------
/ratdispenser/requirements.txt:
--------------------------------------------------------------------------------
file_magic == 0.4.0

--------------------------------------------------------------------------------
/xll/xlcall32_baza.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/xll/xlcall32_baza.yar

--------------------------------------------------------------------------------
/xll/xlcall32_icedid.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/xll/xlcall32_icedid.yar

--------------------------------------------------------------------------------
/xll/xll_baza_extractor.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/xll/xll_baza_extractor.py

--------------------------------------------------------------------------------
/xll/xll_custom_builder.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/xll/xll_custom_builder.yar

--------------------------------------------------------------------------------
/xll/xll_icedid_extractor.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hpthreatresearch/tools/HEAD/xll/xll_icedid_extractor.py
--------------------------------------------------------------------------------