Zeek Package Manager
 

zeek-njrat-detector

https://github.com/keithjjones/zeek-njrat-detector
1
3
3
0
Last Push 10/2/25, 2:12 PM

zeek-njrat-detector

This detector uses two types of detection:

  1. A Spicy analyzer to detect njRAT C2.
  2. The intelligence framework to detect IOCs.

More information on how this package was created can be found at:

https://drkeithjones.com/index.php/2023/04/20/detecting-njrat-bladabindi-malware-with-zeek-zeek-roulette-1/

Package Version :

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

scripts

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'COPYING'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

scripts

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'COPYING'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

scripts

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'COPYING'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

scripts

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'COPYING'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

scripts

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

A Zeek based njRAT detector.

Script Dir :

analyzer

Build Command :

mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake .. && cmake --build .

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset: