├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── LICENSE ├── MANIFEST.in ├── README.md ├── malconf ├── malwareconfig ├── __init__.py ├── common.py ├── crypto.py ├── decoders │ ├── LostDoor.py │ ├── RedLine.py │ ├── Xtreme.py │ ├── __init__.py │ ├── aar.py │ ├── adwind.py │ ├── adzok.py │ ├── alienspy.py │ ├── alina.py │ ├── arcom.py │ ├── blacknix.py │ ├── blackshades.py │ ├── bluebanana.py │ ├── bozok.py │ ├── clientmesh.py │ ├── cybergate.py │ ├── darkcomet.py │ ├── darkrat.py │ ├── hawkeye.py │ ├── hrat.py │ ├── jbifrost.py │ ├── jrat.py │ ├── luminositylink.py │ ├── luxnet.py │ ├── mirai.py │ ├── nanocore.py │ ├── netwire.py │ ├── njrat.py │ ├── plasma.py │ ├── remcos.py │ ├── saefko.py │ ├── sakula.py │ ├── spynote.py │ └── template.py ├── fileparser.py ├── modules.py ├── preprocessors │ ├── __init__.py │ └── upx.py ├── yaraRules │ ├── AAR.yar │ ├── Adzok.yar │ ├── AlienSpy.yar │ ├── Alina.yar │ ├── Ap0calypse.yar │ ├── Arcom.yar │ ├── Bandook.yar │ ├── BlackNix.yar │ ├── BlackShades.yar │ ├── BlueBanana.yar │ ├── Bozok.yar │ ├── ClientMesh.yar │ ├── CyberGate.yar │ ├── DarkComet.yar │ ├── DarkRAT.yar │ ├── Greame.yar │ ├── HawkEye.yar │ ├── Imminent3.yar │ ├── Infinity.yar │ ├── JavaDropper.yar │ ├── LostDoor.yar │ ├── LuminosityLink.yar │ ├── LuxNet.yar │ ├── NanoCore.yar │ ├── NetWire.yar │ ├── Pandora.yar │ ├── Paradox.yar │ ├── Plasma.yar │ ├── PoisonIvy.yar │ ├── PredatorPain.yar │ ├── Punisher.yar │ ├── PythoRAT.yar │ ├── QRat.yar │ ├── RedLine.yar │ ├── Sakula.yar │ ├── ShadowTech.yar │ ├── SmallNet.yar │ ├── SpyGate.yar │ ├── Sub7Nation.yar │ ├── TrickBot.yar │ ├── UPX.yar │ ├── Vertex.yar │ ├── VirusRat.yar │ ├── Xtreme.yar │ ├── adWind.yar │ ├── hrat.yar │ ├── jRat.yar │ ├── jbifrost.yar │ ├── mirai.yar │ ├── njRat.yar │ ├── remcos.yar │ ├── saefko.yar │ ├── spynote.yar │ ├── unrecom.yar │ ├── xRAT.yar │ └── yaraRules.yar └── yarascanner.py ├── requirements.txt ├── setup.py └── tests ├── __init__.py ├── test_decoders.py ├── test_preprocess.py └── test_yara.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/.travis.yml -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | recursive-include malwareconfig/yaraRules *.yar -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/README.md -------------------------------------------------------------------------------- /malconf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malconf -------------------------------------------------------------------------------- /malwareconfig/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /malwareconfig/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/common.py -------------------------------------------------------------------------------- /malwareconfig/crypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/crypto.py -------------------------------------------------------------------------------- /malwareconfig/decoders/LostDoor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/LostDoor.py -------------------------------------------------------------------------------- /malwareconfig/decoders/RedLine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/RedLine.py -------------------------------------------------------------------------------- /malwareconfig/decoders/Xtreme.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/Xtreme.py -------------------------------------------------------------------------------- /malwareconfig/decoders/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /malwareconfig/decoders/aar.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/aar.py -------------------------------------------------------------------------------- /malwareconfig/decoders/adwind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/adwind.py -------------------------------------------------------------------------------- /malwareconfig/decoders/adzok.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/adzok.py -------------------------------------------------------------------------------- /malwareconfig/decoders/alienspy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/alienspy.py -------------------------------------------------------------------------------- /malwareconfig/decoders/alina.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/alina.py -------------------------------------------------------------------------------- /malwareconfig/decoders/arcom.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/arcom.py -------------------------------------------------------------------------------- /malwareconfig/decoders/blacknix.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/blacknix.py -------------------------------------------------------------------------------- /malwareconfig/decoders/blackshades.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/blackshades.py -------------------------------------------------------------------------------- /malwareconfig/decoders/bluebanana.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/bluebanana.py -------------------------------------------------------------------------------- /malwareconfig/decoders/bozok.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/bozok.py -------------------------------------------------------------------------------- /malwareconfig/decoders/clientmesh.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/clientmesh.py -------------------------------------------------------------------------------- /malwareconfig/decoders/cybergate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/cybergate.py -------------------------------------------------------------------------------- /malwareconfig/decoders/darkcomet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/darkcomet.py -------------------------------------------------------------------------------- /malwareconfig/decoders/darkrat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/darkrat.py -------------------------------------------------------------------------------- /malwareconfig/decoders/hawkeye.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/hawkeye.py -------------------------------------------------------------------------------- /malwareconfig/decoders/hrat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/hrat.py -------------------------------------------------------------------------------- /malwareconfig/decoders/jbifrost.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/jbifrost.py -------------------------------------------------------------------------------- /malwareconfig/decoders/jrat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/jrat.py -------------------------------------------------------------------------------- /malwareconfig/decoders/luminositylink.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/luminositylink.py -------------------------------------------------------------------------------- /malwareconfig/decoders/luxnet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/luxnet.py -------------------------------------------------------------------------------- /malwareconfig/decoders/mirai.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/mirai.py -------------------------------------------------------------------------------- /malwareconfig/decoders/nanocore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/nanocore.py -------------------------------------------------------------------------------- /malwareconfig/decoders/netwire.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/netwire.py -------------------------------------------------------------------------------- /malwareconfig/decoders/njrat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/njrat.py -------------------------------------------------------------------------------- /malwareconfig/decoders/plasma.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/plasma.py -------------------------------------------------------------------------------- /malwareconfig/decoders/remcos.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/remcos.py -------------------------------------------------------------------------------- /malwareconfig/decoders/saefko.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/saefko.py -------------------------------------------------------------------------------- /malwareconfig/decoders/sakula.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/sakula.py -------------------------------------------------------------------------------- /malwareconfig/decoders/spynote.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/spynote.py -------------------------------------------------------------------------------- /malwareconfig/decoders/template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/decoders/template.py -------------------------------------------------------------------------------- /malwareconfig/fileparser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/fileparser.py -------------------------------------------------------------------------------- /malwareconfig/modules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/modules.py -------------------------------------------------------------------------------- /malwareconfig/preprocessors/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /malwareconfig/preprocessors/upx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/preprocessors/upx.py -------------------------------------------------------------------------------- /malwareconfig/yaraRules/AAR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/AAR.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Adzok.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Adzok.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/AlienSpy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/AlienSpy.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Alina.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Alina.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Ap0calypse.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Ap0calypse.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Arcom.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Arcom.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Bandook.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Bandook.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/BlackNix.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/BlackNix.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/BlackShades.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/BlackShades.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/BlueBanana.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/BlueBanana.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Bozok.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Bozok.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/ClientMesh.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/ClientMesh.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/CyberGate.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/CyberGate.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/DarkComet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/DarkComet.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/DarkRAT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/DarkRAT.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Greame.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Greame.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/HawkEye.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/HawkEye.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Imminent3.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Imminent3.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Infinity.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Infinity.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/JavaDropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/JavaDropper.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/LostDoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/LostDoor.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/LuminosityLink.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/LuminosityLink.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/LuxNet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/LuxNet.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/NanoCore.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/NanoCore.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/NetWire.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/NetWire.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Pandora.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Pandora.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Paradox.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Paradox.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Plasma.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Plasma.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/PoisonIvy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/PoisonIvy.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/PredatorPain.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/PredatorPain.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Punisher.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Punisher.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/PythoRAT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/PythoRAT.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/QRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/QRat.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/RedLine.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/RedLine.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Sakula.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Sakula.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/ShadowTech.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/ShadowTech.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/SmallNet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/SmallNet.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/SpyGate.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/SpyGate.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Sub7Nation.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Sub7Nation.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/TrickBot.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/TrickBot.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/UPX.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/UPX.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Vertex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Vertex.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/VirusRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/VirusRat.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/Xtreme.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/Xtreme.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/adWind.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/adWind.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/hrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/hrat.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/jRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/jRat.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/jbifrost.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/jbifrost.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/mirai.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/mirai.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/njRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/njRat.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/remcos.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/remcos.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/saefko.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/saefko.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/spynote.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/spynote.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/unrecom.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/unrecom.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/xRAT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/xRAT.yar -------------------------------------------------------------------------------- /malwareconfig/yaraRules/yaraRules.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yaraRules/yaraRules.yar -------------------------------------------------------------------------------- /malwareconfig/yarascanner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/malwareconfig/yarascanner.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pefile 2 | pbkdf2 3 | javaobj-py3 4 | pycrypto 5 | androguard -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/setup.py -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/test_decoders.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/tests/test_decoders.py -------------------------------------------------------------------------------- /tests/test_preprocess.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/tests/test_preprocess.py -------------------------------------------------------------------------------- /tests/test_yara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kevthehermit/RATDecoders/HEAD/tests/test_yara.py --------------------------------------------------------------------------------