Welcome to the beta of MICE, NCC Group's Malware Inspection & Config Extraction framework.

This is the internal version, designed for test and development within NCC Group.

The following malware families currently have good support:

  • HaveX RAT
  • Poison Ivy
  • NetWire RAT
  • Dark Comet RAT
  • Korlia
  • Agent.NJK
  • AdobeART
  • Sakula (see here)

Please note that MICE currently works completely statically (one of the design goals was to be fast). As such it does not currently unpack obfuscated executables, run files or inspect inside archives. Some of these features are coming soon, some are out of scope.