Decodes PlugX traffic and encrypted/compressed artifacts
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
PlugXDecode.py
README.md

README.md

plugxdecoder

Basic Python script which Decodes PlugX traffic and encrypted/compressed artifacts.

Accepting pull requests from those who wish to contribute.

Currently requires: CTypes (with ntdll), dpkt (http://code.google.com/p/dpkt)

Tested with Python 2.7, on Windows.

Long-term goal is to make a pure Python plugin for MITRE's ChopShop.

https://github.com/MITRECND/chopshop

Since I want it to be pure Python, I'll have to do away with the RtlCompressBuffer call to ntdll...

USE THIS AT YOUR OWN RISK, I GUARANTEE NOTHING.