CyberThreatIntel/offshore APT organization/Bitter/27-08-19/decrypt
2019-08-28 01:45:56 +02:00
decrypt.ps1 Add files via upload 2019-08-28 01:22:39 +02:00
Readme.md Create Readme.md 2019-08-28 01:45:56 +02:00
Result.png Add files via upload 2019-08-28 01:42:29 +02:00

Tool for decoding the encoded strings of ArtraDownloader

This tool decodes the encoded strings of the three variants of ArtraDownloader used by the Bitter APT group (August 2019).
The syntax is as follows:
> decrypt.ps1 "[Encoded string]" [Num Variant]
This gives the following result:

[Image: screenshot of the tool output (Result.png)]

Tool URL: https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/offshore%20APT%20organization/Bitter/27-08-19/decrypt/decrypt.ps1
Reference analysis: https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/