A parser and a YARA rule for the executables, corresponding to the blog post "Wolves Among Us: Abusing Trusted Providers for Malware Operations". Both can be used independently or ingested into ECAT.
Additionally, RSA has created a simple Python script for automatically decoding these values. It is also included in the .zip and can be leveraged or implemented into other internal projects.