Project description
Elastic Security Labs - nightMARE
This directory contains the nightMARE (Malware Analysis & Reverse Engineering) library. nightMARE is a central module intended to give an efficient and logical structure to automating various reverse engineering tasks.
The nightMARE library was born from the need to refactor our code base into reusable building blocks. We want to concentrate logic and dependencies in a single library in order to speed up tool development for members of the Elastic Security Labs team.
By open sourcing our library to the community we hope that it will contribute to our battle against threats.
Please note that this library is still young and under development. Pull requests are welcome.
Example usage: https://www.elastic.co/security-labs/unpacking-icedid
Malware modules
| Module | Description |
|---|---|
| nightmare.malware.blister | Implement BLISTER algorithms |
| nightmare.malware.ghostpulse | Implement GHOSTPULSE algorithms |
| nightmare.malware.deprecated.icedid | Implement ICEDID algorithms (deprecated) |
| nightmare.malware.latrodectus | Implement LATRODECTUS algorithms |
| nightmare.malware.lobshot | Implement LOBSHOT algorithms |
| nightmare.malware.lumma | Implement LUMMA algorithms |
| nightmare.malware.netwire | Implement NETWIRE algorithms |
| nightmare.malware.redlinestealer | Implement REDLINESTEALER algorithms |
| nightmare.malware.remcos | Implement REMCOS algorithms |
| nightmare.malware.smokeloader | Implement SMOKELOADER algorithms |
| nightmare.malware.stealc | Implement STEALC algorithms |
| nightmare.malware.warmcookie | Implement WARMCOOKIE algorithms |
| nightmare.malware.xorddos | Implement XORDDOS algorithms |
Requirements
- Python >= 3.10 is required.
- Rizin v0.8.1 must be installed and available in the system's PATH environment variable.
Install
```
pip install nightmare-lib
```
or
```
git clone https://github.com/elastic/nightMARE
python -m pip install ./nightMARE
```
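Before installing a downloaded release, a practitioner will want to check it against the digests published on this page. The following is an added example, not part of the nightMARE project: it verifies a local sdist or wheel against the SHA256 digests listed for release 0.17.0 and builds a hash-pinned requirement line for pip's `--require-hashes` mode.

```python
"""Verify a downloaded nightmare-lib 0.17.0 archive against the SHA256 digests
published on its PyPI page, and emit a hash-pinned requirement line.

Added example; not part of the nightMARE project. The file names and digests
below are taken from the page's "File hashes" tables.
"""
import hashlib
import hmac
from pathlib import Path

# SHA256 digests published on the PyPI page for nightmare-lib 0.17.0.
PUBLISHED_SHA256 = {
    "nightmare_lib-0.17.0.tar.gz":
        "2cc0b09d4855d438b42e0fa7a996b212aee0c3701d17b11c2e2e34e9c7c081fb",
    "nightmare_lib-0.17.0-py3-none-any.whl":
        "57d9de72934d3813b4f4d228283dad8a625dd9d66e73cf046ee590b5894e4696",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hex SHA256 of a file, read in chunks so a large archive need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected=PUBLISHED_SHA256):
    """True only if the file name is a known distribution and its digest matches.

    Unknown file names fail closed; the hex comparison is case-insensitive.
    """
    name = Path(path).name
    if name not in expected:
        return False
    return hmac.compare_digest(sha256_of_file(path).lower(), expected[name].lower())


def hash_pinned_requirement(version="0.17.0", expected=PUBLISHED_SHA256):
    """Requirement line for `pip install --require-hashes -r requirements.txt`.

    Listing both the sdist and wheel digests lets pip accept either artifact
    and refuse anything whose digest differs.
    """
    hashes = " ".join(f"--hash=sha256:{digest}" for digest in expected.values())
    return f"nightmare-lib=={version} {hashes}"
```

Write the output of `hash_pinned_requirement()` to a requirements file and install with `pip install --require-hashes -r requirements.txt` to have pip reject any artifact that does not match.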
Test
Download the corpus from here and place the archive in the tests folder to run the tests. Warning: the archive contains malware; testing should be performed in a virtual machine for safety.
```
py.test
```
How to Contribute
Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.
License
nightMARE uses the Elastic License version 2.
Download files
File details
Details for the file nightmare_lib-0.17.0.tar.gz.
File metadata
- Download URL: nightmare_lib-0.17.0.tar.gz
- Upload date:
- Size: 58.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2cc0b09d4855d438b42e0fa7a996b212aee0c3701d17b11c2e2e34e9c7c081fb |
| MD5 | 131224d430303fc66e3b0a3c0db0b924 |
| BLAKE2b-256 | 8ef7d3b3f23467895d5d17a7576feb7a1c99c36e7c933b4db32522a44a8b239d |
File details
Details for the file nightmare_lib-0.17.0-py3-none-any.whl.
File metadata
- Download URL: nightmare_lib-0.17.0-py3-none-any.whl
- Upload date:
- Size: 82.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 57d9de72934d3813b4f4d228283dad8a625dd9d66e73cf046ee590b5894e4696 |
| MD5 | 563bac6f5c43395e8c50a2ca0b84118e |
| BLAKE2b-256 | 97e14304c4e93f9ccdbe9341d497ba286ec92db40e91b16675435b19ec0b3ca7 |