Changes and updates, 13.06.2015 (NjRat, Rat Config Extractor):
+ njRat Config Extractor v-0.2
+ Predator Logger Config Extractor v-0.2
+ jRAT Rat Config Extractor v-0.3
+ Create Hawkeye Config Extractor v-0.1
Ratdecoders: a collection of Python scripts that extract and decode the configuration settings from common RATs.
Here is a list of the currently supported RATs:
– Albertino Advanced RAT
– Blue Banana
Upcoming RATs:
– Any other RATs I can find.
Several modules are required and each script is different; please check the individual scripts. This list is a complete listing of all the Python modules across all decoders.
There will be more decoders coming.
Finish the recursive mode on several of the decoders.
Malware.lu for the initial Xtreme RAT writeup – https://code.google.com/p/malware-lu/wiki/en_xtreme_RAT
FireEye for their Poison Ivy and Xtreme RAT writeups (even though they ignored my tweet and reply) – http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html
Shawn Denbow and Jesse Hertz for their paper here – http://www.matasano.com/research/PEST-CONTROL.pdf