Gracewire / FlawedGrace research

These are the files from my research on Gracewire from around the end of 2021.

Here you can find the tools to extract the VFS used for Gracewire's configuration, and the information I've gathered on the P2P malware that uses the same VFS and coding style.

A blog post about it is available here

  • tools: all the tools 🤣
  • samples.zip (password: infected): contains the original files and some found with the YARA rules on VT
  • gracewire_rules.yar: YARA rules
  • P2P: the information collected during the research on the P2P samples that use the same VFS