Skip to content

elastic/nightMARE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
nightMARE
nightMARE
 
 
tests
tests
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CHANGELOG.MD
CHANGELOG.MD
 
 
LICENSE.md
LICENSE.md
 
 
NOTICE.txt
NOTICE.txt
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Elastic Security Labs Banner Image

Elastic Security Labs - nightMARE

This directory contains the nightMARE (Malware Analysis & Reverse Engineering) library. nightMARE is a central module that will allow for an efficient and logical approach to automating various reverse engineering functions.

The nightMARE library is born from the need to refactor our code base into reusable bricks. We want to concentrate logics and dependencies into a single library in order to speed up tool developement for members of the Elastic Security Labs team.

By open sourcing our library to the community we hope that it'll contribute to our battle against threats.

Please note that this library is still young and under developement. Pull requests are welcome.
Example usage: https://www.elastic.co/security-labs/unpacking-icedid

Malware modules

Module Description
nightmare.malware.blister Implement BLISTER algorithms
nightmare.malware.ghostpulse Implement GHOSTPULSE algorithms
nightmare.malware.deprecated.icedid Implement ICEDID algorithms (deprecated)
nightmare.malware.latrodectus Implement LATRODECTUS algorithms
nightmare.malware.lobshot Implement LOBSHOT algorithms
nightmare.malware.lumma Implement LUMMA algorithms
nightmare.malware.netwire Implement NETWIRE algorithms
nightmare.malware.redlinestealer Implement REDLINESTEALER algorithms
nightmare.malware.remcos Implement REMCOS algorithms
nightmare.malware.smokeloader Implement SMOKELOADER algorithms
nightmare.malware.stealc Implement STEALC algorithms
nightmare.malware.warmcookie Implement WARMCOOKIE algorithms
nightmare.malware.xorddos Implement XORDDOS algorithms

Requirements

  • Python >= 3.10 is required.
  • Rizin v0.8.1 must be installed and available in the system's PATH environment variable.

Install

pip install nightmare-lib

or

git clone https://github.com/elastic/nightMARE
python -m pip install ./nightMARE

Test

Download the corpus from here and place the archive in the tests folder to run the tests. Warning: The archive contains malware; testing should be performed in a virtual machine for safety.

py.test

How to Contribute

Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.

License

nightMARE uses the Elastic License version 2.

About

Elastic Security Labs' malware analysis and reverse engineering library

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

52 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages