Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an App
Warning

This app is archived. Learn more

DECRYPT app icon

DECRYPT

DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4 and ROL/ROR routines which are commonly used for obfuscating malware communications and data exfiltration. These commands can be leveraged in Splunk queries by users or automation to decipher previously indexed communications.

Built by Michael Zalewski
splunk product badge
Latest Version 2.3.1
February 16, 2021
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2
Rating

5

(7)

Log in to rate this app
Support
DECRYPT support icon
Not Supported
Learn more
DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4 and ROL/ROR routines which are commonly used for obfuscating malware communications and data exfiltration. These commands can be leveraged in Splunk queries by users or automation to decipher previously indexed communications.

Categories

Created By

Michael Zalewski

Type

addon

Downloads

6,623

Licensing

Splunk Answers

Resources

Login to report this app listing