Parser and a Yara Rule for the executables, which can be used independently or ingested into ECAT that correspond to the Wolves Among Us: Abusing Trusted Providers for Malware Operations blog post
Additionally, RSA has created a simple Python script for automatically decoding these values that can be leveraged or implemented into other internal projects which is also included in the .zip