search

jeFF0Falltrades / rat_king_parser

A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno RAT, and cloned/derivative RAT families.
MIT License
32 stars 4 forks source link

Adds parsing capabilities for XWorm and Xeno RAT #8

Closed jeFF0Falltrades closed 3 months ago

jeFF0Falltrades commented 3 months ago

This is primarily to add support for XWorm and Xeno RAT payloads, but also includes some refactoring to separate out decryptor files, add support for iterating through multiple decryptors with a fall-through to plaintext, and some cleaning up of config item patterns to avoid collisions.

@doomedraven: Let me know if you'd like to make the changes necessary to CAPE to add this new version in, or let me know if you'd rather I take on that work (based on your previous commit, it should be as easy as copying the new files over and adding a parser file for Xeno RAT. so I'm fine either way).

doomedraven commented 3 months ago

Hey thanks for headups, I will do that