https://github.com/jpcertcc/gobrat-analysis

# GobRAT-Analysis
This repository publishes analysis reports and analysis tools for GobRAT.

## IoC_C2Scan
IoCs in CSV format from C2 scanning over a long period of time.

https://github.com/JPCERTCC/GobRAT-Analysis/blob/main/IoC_C2Scan/ioc_c2.csv

## C2EmulationTool
C2 emulation tool written in Golang that supports analysis of GobRAT malware.
For more information, see https://github.com/JPCERTCC/GobRAT-Analysis/tree/main/C2EmulationTool

## DecryptTool
IDAPython tool to decrypt GobRAT strings for x86-64.

https://github.com/JPCERTCC/GobRAT-Analysis/blob/main/DecryptTool/Decrypt_GobRAT.py

## YaraGenerateTool
IDAPython tool for automatic generation of GobRAT YARA rules for x86, x86-64, MIPS and ARM.

https://github.com/JPCERTCC/GobRAT-Analysis/blob/main/YaraGenerateTool/YaraGene_GobRAT_MultiArch.py

## YaraRule
GobRAT YARA rules for x86, x86-64, MIPS and ARM.

https://github.com/JPCERTCC/GobRAT-Analysis/tree/main/YaraRule

## Slide
- AVAR2023: https://github.com/JPCERTCC/GobRAT-Analysis/blob/main/Slide/AVAR2023.pdf