Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add rat_king_parser #1185

Open
Ana06 opened this issue Dec 6, 2024 · 1 comment
Open

Add rat_king_parser #1185

Ana06 opened this issue Dec 6, 2024 · 1 comment
Assignees
@sara-rn
Labels
🌀 FLARE-VM A package or feature to be used by FLARE-VM 🆕 package New package request/idea/PR
Milestone
FLARE-VM 2025 Q1

Comments

@Ana06
Copy link
Member

Ana06 commented Dec 6, 2024

Details

I have recently analysed a XWORM backdoor and rat_king_parser identified the family and decrypted the configuration. My sample was not difficult to analyse with dnSpy, but it was still nice to have the configuration extracted by rat_king_parser to double check. I think we should add a package for rat_king_parser. It can be easily installed using pip, so we can use VM-Install-With-Pip to install it.

@mandiant/flare-vm what do you think about adding it to the default configuration of FLARE-VM?
@Ana06 Ana06 added 🆕 package New package request/idea/PR 🌀 FLARE-VM A package or feature to be used by FLARE-VM labels Dec 6, 2024
@Ana06
Copy link
Member Author

Ana06 commented Dec 6, 2024

I think this is a good issue to test #1080. I suggest @sara-rn implements it together 😉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sara-rn sara-rn

Labels
🌀 FLARE-VM A package or feature to be used by FLARE-VM 🆕 package New package request/idea/PR
Projects
None yet
Milestone
FLARE-VM 2025 Q1
Development

No branches or pull requests
2 participants
@Ana06 @sara-rn