Updates README for v3.1.0
jeFF0Falltrades committed Oct 20, 2024
1 parent 3b7a355 commit 9c63058
Showing 1 changed file with 29 additions and 9 deletions.
38 changes: 29 additions & 9 deletions README.md
Expand Up @@ -4,13 +4,13 @@

A robust, multiprocessing-capable, multi-family RAT config parser/extractor, tested for use with:

* AsyncRAT
* DcRAT
* VenomRAT
* QuasarRAT
* XWorm
* XenoRat
* Other cloned/derivative RAT families of the above
- AsyncRAT
- DcRAT
- VenomRAT
- QuasarRAT
- XWorm
- XenoRat
- Other cloned/derivative RAT families of the above

This configuration parser seeks to be "robust" in that it does not require the user to know anything about the strain or configuration of the RAT ahead of time:

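Review bot: swapping `*` for `-` on the seven RAT-family bullets is a cosmetic change, but it keeps the bullet style consistent with the `-` lists this commit adds further down, so no objection. While these lines are being touched, the `XenoRat` casing stands out next to `AsyncRAT`, `DcRAT`, `VenomRAT` and `QuasarRAT` and is worth a quick check against the project's own spelling.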
Expand All @@ -28,7 +28,7 @@ and based on the original AsyncRAT config parser and tutorial here:

### Installation

As of version `3.0.0`, the RAT King Parser can now be installed via `pip`:
As of `v3.0.0`, the RAT King Parser can now be installed via `pip`:

```bash
pip install git+https://github.com/jeFF0Falltrades/rat_king_parser.git
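Review bot: the wording change to `v3.0.0` matches the `v3.1.0` style used elsewhere in this commit, but the `pip install git+https://github.com/jeFF0Falltrades/rat_king_parser.git` command just below installs whatever the repository's default branch currently holds, not `v3.0.0`. If a matching git tag exists, appending `@v3.0.0` to the URL would let readers pin exactly the version the sentence names.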
Expand Down Expand Up @@ -79,6 +79,22 @@ options:
python recompile.py -i my_rule.yar -o my_rule.yarc
```

### External Integrations
As of `v3.1.0`, RAT King Parser has introduced additional, optional wrapper extractors for integration with some external services.

These currently include:

- [MACO](https://github.com/CybercentreCanada/Maco): The Canadian Centre for Cyber Security's malware config extractor framework, which allows RAT King Parser to be integrated with MACO-compatible tools like [AssemblyLine](https://github.com/CybercentreCanada/assemblyline) (though RAT King Parser is already integrated in AssemblyLine's configuration extraction service without need for further configuration)

In order to utilize these extractors, the optional dependencies for a particular extractor must be installed.

This can be completed with `pip` by referencing the specific optional dependency group to install; For example:

```bash
pip install "rat_king_parser[maco] @ git+https://github.com/jeFF0Falltrades/rat_king_parser.git"

```

## Example Input/Output

```bash
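Review bot: in the new `### External Integrations` section, the closing fence of the `pip install "rat_king_parser[maco] @ ..."` block is preceded by a stray empty line that should be dropped, and `to install; For example:` should read `to install, for example:` (no capital after a semicolon). Minor: the heading runs straight into its first paragraph, whereas `### Installation` above it is followed by a blank line; adding one keeps the section spacing uniform, and `has introduced` reads more naturally as `introduces`.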
Expand Down Expand Up @@ -441,7 +457,11 @@ Also, if this tool or video tutorial was helpful to you, that's always nice to h

Thank you!

## Logo Attribution
## Contributions & Attribution
Huge thanks to the following contributors for their outstanding work:

- [doomedraven](https://github.com/doomedraven): For your help in integrating RKP into CAPEv2
- [cccs-rs](https://github.com/cccs-rs): For your help in integrating RKP into AssemblyLine, as well as helping me wrap it to work with MACO

The logo for this project contains modifications of the following images:

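Review bot: `RKP` appears in both new contributor bullets without ever being expanded; the rest of the README says `RAT King Parser`, so writing `RAT King Parser (RKP)` on first use, or simply the full name, would avoid the unexplained abbreviation. Also, `## Contributions & Attribution` runs straight into `Huge thanks ...` with no blank line, unlike the other headings in this file.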
