DC3-MWCP
Malware parser
A framework for parsing configuration information from malware to facilitate analysis and automation.
DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.
305 stars
43 watching
59 forks
Language: Python
last commit: 9 months ago
Linked from 1 awesome list
automationconfig-dumpframeworkmalware-analysismalware-automationpython
rshipp/awesome-malware-analysisRelated projects:
| Repository | Description | Stars |
|---|---|---|
 cert-polska/mwdb-core | Automated malware collection and analysis system with storage, tracking, and visualization capabilities | 330 |
 tomchop/malcom | Analyzes network traffic to detect malware communication and behavior | 1,158 |
 cert-ee/cuckoo3 | Automated malware analysis tool that tests suspicious files or links in a sandboxed environment | 652 |
 jpcertcc/malconfscan | Tools to extract configuration data from known malware samples in memory images. | 483 |
 misterch0c/malsploitbase | A repository of publicly available malware exploits targeting specific infrastructure. | 537 |
| cert-polska/karton | A framework for building flexible and lightweight malware analysis pipelines | 395 |
 mdudek-ics/trisis-triton-hatman | Repository containing malware samples and decompiled code to aid in security research and development of defense solutions | 233 |
 silascutler/malpipe | An ingestion and processing framework for malware and indicator data from various feeds. | 104 |
 mr-un1k0d3r/powerlessshell | A tool for generating malware payloads using MSBuild and PowerShell, allowing for conditional execution based on user domain or registry conditions. | 1,480 |
 mitrecnd/malchive | A collection of reusable scripts and tools for analyzing malicious software | 75 |
 kevoreilly/capev2 | A tool to extract configuration and payload from malware by analyzing its behavior in a sandboxed environment. | 2,043 |
 ajpc500/relayrumbler | A tool to extract configuration from F-Secure C3 Relay executable memory dumps | 16 |
 cidrblock/netcopa | An engine for parsing network device configurations and converting them to structured data in YAML | 135 |
 weisong-ucr/mab-malware | An open-source reinforcement learning framework to generate adversarial examples for malware classification models. | 41 |
 nysol/mcmd | A set of commands for high-speed processing of large-scale CSV data | 33 |