AIL-framework

Malware configuration automatic parsing

Open: ater49 opened this issue 7 years ago • 1 comment

Hi,

We have already seen some malware configurations in Pastebin like trickbot (Sample: https://pastebin.com/gK9gL0kF). It could be cool to parse it and push it to other tools like MISP.

ater49, Oct 18 '18 11:10

There are other tools that do malware config extraction like CAPE (https://github.com/ctxis/CAPE).

Probably makes more sense to add a module that can send data to an external system like CAPE, since AIL is more a data collection and processing tool imho.

deadbits, Jan 09 '19 19:01