def __init__(self):
md = ModuleMetadata(module_name="njratgold",
bot_name="Njratgold",
description="Njrat 0.7 Golden edition",
authors=["Paul Melson (@pmelson)"],
version="1.1",
date="June 4, 2018",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="imminent",
bot_name="imminent",
description="RAT, infostealer, cryptominer",
authors=["Paul Melson @pmelson"],
version="1.0.0",
date="February 21, 2020",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="asyncrat",
bot_name="AsyncRAT",
description=".NET RAT based on QuasarRAT",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="April 13, 2020",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="voidrat",
bot_name="VoidRAT",
description=".NET RAT",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="March 22, 2020",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="glassrat",
bot_name="GlassRAT",
description="Trojan",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="November 25, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="njrat",
bot_name="njRat",
description="RAT",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.1.0",
date="May 27, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="agenttesla",
bot_name="AgentTesla",
description="Agent Tesla",
authors=["Paul Melson (@pmelson)"],
version="1.0",
date="September 11, 2018",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="cythosia",
bot_name="Cythosia",
description="DDoS Bot",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="March 21, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="gruntstager",
bot_name="GruntStager",
description="RAT",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="August 10, 2019",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="waketagat",
bot_name="WAKETAGAT",
description="Backdoor",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="August 10, 2018",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="pony",
bot_name="Pony",
description="",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.1.0",
date="April 14, 2014",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(module_name="blackworm",
bot_name="BlackWorm",
description="RAT developed in .NET",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="May 20, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
self.prng_seed = 0
def __init__(self):
md = ModuleMetadata(module_name="blackshades",
bot_name="BlackShades",
description="RAT developed in Visual Basic 6",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="August 16, 2014",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
self.prng_seed = 0
def __init__(self):
md = ModuleMetadata(
module_name="dexter_v1",
bot_name="Dexter v1",
description=
"Point of sale malware designed to extract credit card information from RAM",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="March 26, 2014",
references=[])
HTTPBruteModule.__init__(self, md)
def __init__(self):
md = ModuleMetadata(
module_name="infinity",
bot_name="Infinity",
description="RAT with DDoS and infostealer functions",
authors=["Paul Melson @pmelson"],
version="1.0.0",
date="August 20, 2018",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="limerat",
bot_name="Lime-RAT",
description=".NET RAT",
authors="Paul Melson (@pmelson)",
version="1.0",
date="January 22, 2019",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(module_name="virusrat",
bot_name="VirusRat",
description="Remote access trojan",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="December 7, 2018",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(
module_name="madnesspro_v114",
bot_name="Madness Pro v114",
description=
"Distributed Denial of Service botnet capable of various attacks",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="March 26, 2014",
references=[])
HTTPBruteModule.__init__(self, md)
def __init__(self):
md = ModuleMetadata(module_name="andromeda",
bot_name="Andromeda",
description="RAT",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="August 28, 2014",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(
module_name="revenge",
bot_name="Revenge",
description="RAT",
authors=["Paul Melson @pmelson", "Brian Wallace (@botnet_hunter)"],
version="1.0",
date="July 12, 2017",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(module_name="vertexnet",
bot_name="VertexNet",
description="General purpose malware",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="March 25, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(module_name="meterpreterx86",
bot_name="Meterpreter x86 Shellcode Payload",
description="Shellcode Loader",
authors="Paul Melson (@pmelson)",
version="1.0",
date="January 22, 2019",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(
module_name="spygate",
bot_name="SpyGate",
description="RAT",
authors=["Paul Melson @pmelson"],
version="1.0.0",
date="June 1, 2018",
references=[]
)
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(
module_name="n3utrino",
bot_name="n3utrino",
description="DDoS and infostealer bot",
authors=["Paul Melson @pmelson"],
version="1.0.0",
date="June 1, 2018",
references=[]
)
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(
module_name="cobaltbeacon",
bot_name="CobaltStrike Beacon",
description="RAT",
authors=["Paul Melson (@pmelson)"],
version="1.0.0",
date="June 15, 2018",
references=[]
)
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(
module_name="meterpreter",
bot_name="meterpreter",
description="Metasploit interactive shell",
authors=["Paul Melson @pmelson"],
version="1.0.0",
date="March 11, 2020",
references=[]
)
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(
module_name="herpes",
bot_name="Herpes Net",
description="Botnet that really makes your crotch itch",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="April 14, 2014",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(
module_name="njrat",
bot_name="njRat",
description="RAT",
authors=["Brian Wallace (@botnet_hunter)", "Paul Melson (@pmelson)","Kevin Breen (code borrowed from RATdecoders project"],
version="1.2.0",
date="February 21, 2019",
references=[]
)
PEParseModule.__init__(self, md)
self.yara_rules = None
def __init__(self):
md = ModuleMetadata(
module_name="vskimmer",
bot_name="vSkimmer",
description=
"Point of sale malware designed to extract credit card information from RAM",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.0.0",
date="September 2, 2014",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass
def __init__(self):
md = ModuleMetadata(
module_name="diamondfox",
bot_name="diamondfox",
description=
"Bot that steals passwords, DDoSes, etc, written in VB6",
authors=["Brian Wallace (@botnet_hunter)"],
version="1.1.0",
date="August 22, 2015",
references=[])
PEParseModule.__init__(self, md)
self.yara_rules = None
pass