DECRYPT2

DECRYPT2 is a fork of DECRYPT by Michael Zalewski DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4, ROL/ROR, hex, ascii, substr, decode (python codec), escape, unescape, htmlescape, htmlunescape, tr, rev, find, substr, slice, zlib_inflate, Base32 reverse endian, Base64 reverse endian, Base58 routines which are commonly used for obfuscating malware communications and data exfiltration. These commands can be leveraged in Splunk queries by users or automation to decipher previously indexed communications.

Built by Gareth Anderson

Latest Version 2.4.4

November 24, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Learn more

DECRYPT2 is a fork of DECRYPT by Michael Zalewski DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4, ROL/ROR, hex, ascii, substr, decode (python codec), escape, unescape, htmlescape, htmlunescape, tr, rev, find, substr, slice, zlib_inflate, Base32 reverse endian, Base64 reverse endian, Base58 routines which are commonly used for obfuscating malware communications and data exfiltration. These commands can be leveraged in Splunk queries by users or automation to decipher previously indexed communications.