# malware-exquacker-modules

**Repository Path**: mirrors_elastic/malware-exquacker-modules

## Basic Information

- **Project Name**: malware-exquacker-modules
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: BSD-3-Clause
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-08-16
- **Last Updated**: 2025-08-09

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Malware Exquacker Extraction Modules

> **NOTE**: This repo is intended for use as part of an Elastic malware-exquacker pipeline.
> See the main repo at: https://github.com/elastic/malware-exquacker

Extracts malware configurations using Malduck.

This is a fork of the upstream work located here: https://github.com/c3rb3ru5d3d53c/mwcfg-modules.

You can use these modules in the same way, either with the CLI utility for MalDuck called [`mwcfg`](https://github.com/c3rb3ru5d3d53c/mwcfg) or with the Elastic tool called [`malware-exquacker`](https://github.com/elastic/malware-exquacker).

Elastic Security researchers publish extractors for malware that we've developed internally and make them available to the community as-is. Other modules from the upstream repo have been modified to match our [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current/) output.

**Supported Modules:**

- ✔️ ASyncRAT
- ✔️ Azorult
- ✔️ Citadel
- ✔️ Cobalt Strike
- ✔️ Dridex
- ✔️ Hancitor
- ✔️ IcedID
- ✔️ PhotoLoader
- ✔️ PELoader
- ✔️ Process Implant Memory
- ✔️ Phoreal
- ✔️ ZLoader