Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an app
DECRYPT2 app icon

DECRYPT2

DECRYPT2 is a fork of DECRYPT by Michael Zalewski DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4, ROL/ROR, hex, ascii, substr, decode (python codec), escape, unescape, htmlescape, htmlunescape, tr, rev, find, substr, slice, zlib_inflate, Base32 reverse endian, Base64 reverse endian, Base58 routines which are commonly used for obfuscating malware communications and data exfiltration.

Built by Gareth Anderson
splunk product badge
Latest Version 2.4.4
November 24, 2024
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2
Rating

0

(0)

Log in to rate this app
Support
DECRYPT2 support icon
Developer Supported addon
DECRYPT2 is a fork of DECRYPT by Michael Zalewski DECRYPT is a set of Splunk commands which provide Base32, Base64, XOR, ROTX, RC4, ROL/ROR, hex, ascii, substr, decode (python codec), escape, unescape, htmlescape, htmlunescape, tr, rev, find, substr, slice, zlib_inflate, Base32 reverse endian, Base64 reverse endian, Base58 routines which are commonly used for obfuscating malware communications and data exfiltration. These commands can be leveraged in Splunk queries by users or automation to decipher previously indexed communications.

Categories

Created By

Gareth Anderson

Source Code

Type

addon

Downloads

6,184

Licensing

Splunk Answers

Resources

Log in to report this app listing