├── DecryptPlugX
    ├── DecryptPlugX.py
    ├── PlugXDecrypter.py
    ├── README
    └── requirements.txt
├── LICENSE
├── README.md
├── Reaver_Decompression
    ├── README.MD
    ├── dll
    │   └── LzwDecompress.dll
    └── py
    │   └── lzwDecompress.py
├── SpiderMal
    ├── Entities
    │   ├── maltego.Domain.entity
    │   └── maltego.IPv4Address.entity
    ├── Graphs
    │   └── Graph1.properties
    ├── Icons
    │   └── Default
    │   │   ├── Domain.png
    │   │   ├── Domain24.png
    │   │   ├── Domain32.png
    │   │   ├── Domain48.png
    │   │   ├── NetCardGolden.png
    │   │   ├── NetCardGolden24.png
    │   │   ├── NetCardGolden32.png
    │   │   └── NetCardGolden48.png
    ├── Images
    │   ├── certpol.png
    │   ├── dateafter.png
    │   ├── datebefore.png
    │   ├── entitydate.png
    │   ├── faketech.png
    │   └── phishing.png
    ├── MaltegoTransform.py
    ├── README.md
    ├── Transformers
    │   ├── gsrt.SpiderMal-Domain-L3.machine
    │   ├── gsrt.SpiderMal-Domain.transform
    │   ├── gsrt.SpiderMal-Domain.transformsettings
    │   ├── gsrt.SpiderMal-IP-L3.machine
    │   ├── gsrt.SpiderMal-IP.transform
    │   └── gsrt.SpiderMal-IP.transformsettings
    ├── spidermal.py
    └── version.properties
├── UNIT42THREAT INTELLIGENCE.PNG
├── chopshop
    └── modules
    │   ├── evilgrab.py
    │   └── netwire.py
├── cmstar
    ├── decode_cmstar_payload.py
    ├── extract_cmstar_doc.py
    ├── extract_cmstar_rtf.py
    └── extract_cmstar_strings.py
├── hancitor
    ├── data_AllURLS
    ├── data_P1COMPNAME
    ├── data_P1FILEDESC
    ├── data_P1INTNAME
    ├── data_P1ORIGNAME
    ├── data_P1URLS
    ├── data_P1XOR
    ├── data_P2XOR
    ├── data_P3URLS
    ├── data_P4URLS
    ├── data_YARA
    ├── h_decrypt.py
    ├── hancitor_decrypt.py
    ├── hancitor_dropper.yar
    ├── hancitor_dump.csv
    ├── hancitor_offsetgen.py
    ├── hancitor_payload.yar
    └── hancitor_stage1.yar
├── ida_scripts
    ├── crc32_conversion.py
    ├── gen_function_json.py
    ├── idapython_pt5.py
    └── pirpi_anti_disassembly.py
├── idapython-guloader-anti-analysis
    └── guloader_veh_anti_analysis_.py
├── lockcrypt
    ├── decryptor.py
    └── recover_stream_key.py
├── luminositylink
    ├── parse_config_file.py
    └── parse_config_string.py
├── macro_loader
    ├── macro_decode.py
    └── olevba.py
├── netwire
    ├── README.md
    ├── commands.json
    └── netwire_decode.py
├── pclock2
    ├── 81f686a320dbec38a90d64c98861f8ddac8bfdaa7f1ad04a8a33961283e00a22.idb
    └── targeted_file_types.txt
├── pisloader
    └── wekby_dns.py
├── powershellprofiler
    ├── PowerShellProfiler.py
    └── README.MD
├── powerware
    └── powerware_decrypt.py
├── ramdo
    ├── generate_function_hashes.py
    └── ida_ramdo_decrypt_strings.py
├── ranran_decryption
    ├── README.md
    ├── exe
    │   ├── collect_stream_ciphers.exe
    │   └── decrypt_with_cipher_streams.exe
    └── py
    │   ├── collect_cipher_streams.py
    │   └── decrypt_with_cipher_streams.py
├── stegbaus
    └── Program.cs
├── teslacrypt
    ├── README.md
    └── deobfuscate_api_calls.py
└── trapwot
    ├── README.md
    ├── stage_1
        └── idapython_string_decode.py
    └── stage_2
        ├── decrypt_parse_victim_info.py
        └── idapython_xxtea_string_decrypt.py

/DecryptPlugX/DecryptPlugX.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/DecryptPlugX/DecryptPlugX.py
--------------------------------------------------------------------------------
/DecryptPlugX/PlugXDecrypter.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/DecryptPlugX/PlugXDecrypter.py
--------------------------------------------------------------------------------
/DecryptPlugX/README:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/DecryptPlugX/README
--------------------------------------------------------------------------------
/DecryptPlugX/requirements.txt:
--------------------------------------------------------------------------------
iced-x86==1.11.0
lznt1==0.2
pefile==2019.4.18
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/README.md
--------------------------------------------------------------------------------
/Reaver_Decompression/README.MD:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/Reaver_Decompression/README.MD
--------------------------------------------------------------------------------
/Reaver_Decompression/dll/LzwDecompress.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/Reaver_Decompression/dll/LzwDecompress.dll
--------------------------------------------------------------------------------
/Reaver_Decompression/py/lzwDecompress.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/Reaver_Decompression/py/lzwDecompress.py
--------------------------------------------------------------------------------
/SpiderMal/Entities/maltego.Domain.entity:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Entities/maltego.Domain.entity
--------------------------------------------------------------------------------
/SpiderMal/Entities/maltego.IPv4Address.entity:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Entities/maltego.IPv4Address.entity
--------------------------------------------------------------------------------
/SpiderMal/Graphs/Graph1.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Graphs/Graph1.properties
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/Domain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/Domain.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/Domain24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/Domain24.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/Domain32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/Domain32.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/Domain48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/Domain48.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/NetCardGolden.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/NetCardGolden.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/NetCardGolden24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/NetCardGolden24.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/NetCardGolden32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/NetCardGolden32.png
--------------------------------------------------------------------------------
/SpiderMal/Icons/Default/NetCardGolden48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Icons/Default/NetCardGolden48.png
--------------------------------------------------------------------------------
/SpiderMal/Images/certpol.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/certpol.png
--------------------------------------------------------------------------------
/SpiderMal/Images/dateafter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/dateafter.png
--------------------------------------------------------------------------------
/SpiderMal/Images/datebefore.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/datebefore.png
--------------------------------------------------------------------------------
/SpiderMal/Images/entitydate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/entitydate.png
--------------------------------------------------------------------------------
/SpiderMal/Images/faketech.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/faketech.png
--------------------------------------------------------------------------------
/SpiderMal/Images/phishing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Images/phishing.png
--------------------------------------------------------------------------------
/SpiderMal/MaltegoTransform.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/MaltegoTransform.py
--------------------------------------------------------------------------------
/SpiderMal/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/README.md
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-Domain-L3.machine:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-Domain-L3.machine
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-Domain.transform:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-Domain.transform
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-Domain.transformsettings:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-Domain.transformsettings
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-IP-L3.machine:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-IP-L3.machine
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-IP.transform:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-IP.transform
--------------------------------------------------------------------------------
/SpiderMal/Transformers/gsrt.SpiderMal-IP.transformsettings:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/Transformers/gsrt.SpiderMal-IP.transformsettings
--------------------------------------------------------------------------------
/SpiderMal/spidermal.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/spidermal.py
--------------------------------------------------------------------------------
/SpiderMal/version.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/SpiderMal/version.properties
--------------------------------------------------------------------------------
/UNIT42THREAT INTELLIGENCE.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/UNIT42THREAT INTELLIGENCE.PNG
--------------------------------------------------------------------------------
/chopshop/modules/evilgrab.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/chopshop/modules/evilgrab.py
--------------------------------------------------------------------------------
/chopshop/modules/netwire.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/chopshop/modules/netwire.py
--------------------------------------------------------------------------------
/cmstar/decode_cmstar_payload.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/cmstar/decode_cmstar_payload.py
--------------------------------------------------------------------------------
/cmstar/extract_cmstar_doc.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/cmstar/extract_cmstar_doc.py
--------------------------------------------------------------------------------
/cmstar/extract_cmstar_rtf.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/cmstar/extract_cmstar_rtf.py
--------------------------------------------------------------------------------
/cmstar/extract_cmstar_strings.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/cmstar/extract_cmstar_strings.py
--------------------------------------------------------------------------------
/hancitor/data_AllURLS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_AllURLS
--------------------------------------------------------------------------------
/hancitor/data_P1COMPNAME:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1COMPNAME
--------------------------------------------------------------------------------
/hancitor/data_P1FILEDESC:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1FILEDESC
--------------------------------------------------------------------------------
/hancitor/data_P1INTNAME:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1INTNAME
--------------------------------------------------------------------------------
/hancitor/data_P1ORIGNAME:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1ORIGNAME
--------------------------------------------------------------------------------
/hancitor/data_P1URLS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1URLS
--------------------------------------------------------------------------------
/hancitor/data_P1XOR:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P1XOR
--------------------------------------------------------------------------------
/hancitor/data_P2XOR:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P2XOR
--------------------------------------------------------------------------------
/hancitor/data_P3URLS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P3URLS
--------------------------------------------------------------------------------
/hancitor/data_P4URLS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_P4URLS
--------------------------------------------------------------------------------
/hancitor/data_YARA:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/data_YARA
--------------------------------------------------------------------------------
/hancitor/h_decrypt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/h_decrypt.py
--------------------------------------------------------------------------------
/hancitor/hancitor_decrypt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_decrypt.py
--------------------------------------------------------------------------------
/hancitor/hancitor_dropper.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_dropper.yar
--------------------------------------------------------------------------------
/hancitor/hancitor_dump.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_dump.csv
--------------------------------------------------------------------------------
/hancitor/hancitor_offsetgen.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_offsetgen.py
--------------------------------------------------------------------------------
/hancitor/hancitor_payload.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_payload.yar
--------------------------------------------------------------------------------
/hancitor/hancitor_stage1.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/hancitor/hancitor_stage1.yar
--------------------------------------------------------------------------------
/ida_scripts/crc32_conversion.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ida_scripts/crc32_conversion.py
--------------------------------------------------------------------------------
/ida_scripts/gen_function_json.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ida_scripts/gen_function_json.py
--------------------------------------------------------------------------------
/ida_scripts/idapython_pt5.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ida_scripts/idapython_pt5.py
--------------------------------------------------------------------------------
/ida_scripts/pirpi_anti_disassembly.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ida_scripts/pirpi_anti_disassembly.py
--------------------------------------------------------------------------------
/idapython-guloader-anti-analysis/guloader_veh_anti_analysis_.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/idapython-guloader-anti-analysis/guloader_veh_anti_analysis_.py
--------------------------------------------------------------------------------
/lockcrypt/decryptor.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/lockcrypt/decryptor.py
--------------------------------------------------------------------------------
/lockcrypt/recover_stream_key.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/lockcrypt/recover_stream_key.py
--------------------------------------------------------------------------------
/luminositylink/parse_config_file.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/luminositylink/parse_config_file.py
--------------------------------------------------------------------------------
/luminositylink/parse_config_string.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/luminositylink/parse_config_string.py
--------------------------------------------------------------------------------
/macro_loader/macro_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/macro_loader/macro_decode.py
--------------------------------------------------------------------------------
/macro_loader/olevba.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/macro_loader/olevba.py
--------------------------------------------------------------------------------
/netwire/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/netwire/README.md
--------------------------------------------------------------------------------
/netwire/commands.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/netwire/commands.json
--------------------------------------------------------------------------------
/netwire/netwire_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/netwire/netwire_decode.py
--------------------------------------------------------------------------------
/pclock2/81f686a320dbec38a90d64c98861f8ddac8bfdaa7f1ad04a8a33961283e00a22.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/pclock2/81f686a320dbec38a90d64c98861f8ddac8bfdaa7f1ad04a8a33961283e00a22.idb
--------------------------------------------------------------------------------
/pclock2/targeted_file_types.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/pclock2/targeted_file_types.txt
--------------------------------------------------------------------------------
/pisloader/wekby_dns.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/pisloader/wekby_dns.py
--------------------------------------------------------------------------------
/powershellprofiler/PowerShellProfiler.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/powershellprofiler/PowerShellProfiler.py
--------------------------------------------------------------------------------
/powershellprofiler/README.MD:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/powershellprofiler/README.MD
--------------------------------------------------------------------------------
/powerware/powerware_decrypt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/powerware/powerware_decrypt.py
--------------------------------------------------------------------------------
/ramdo/generate_function_hashes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ramdo/generate_function_hashes.py
--------------------------------------------------------------------------------
/ramdo/ida_ramdo_decrypt_strings.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ramdo/ida_ramdo_decrypt_strings.py
--------------------------------------------------------------------------------
/ranran_decryption/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ranran_decryption/README.md
--------------------------------------------------------------------------------
/ranran_decryption/exe/collect_stream_ciphers.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ranran_decryption/exe/collect_stream_ciphers.exe
--------------------------------------------------------------------------------
/ranran_decryption/exe/decrypt_with_cipher_streams.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ranran_decryption/exe/decrypt_with_cipher_streams.exe
--------------------------------------------------------------------------------
/ranran_decryption/py/collect_cipher_streams.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ranran_decryption/py/collect_cipher_streams.py
--------------------------------------------------------------------------------
/ranran_decryption/py/decrypt_with_cipher_streams.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/ranran_decryption/py/decrypt_with_cipher_streams.py
--------------------------------------------------------------------------------
/stegbaus/Program.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/stegbaus/Program.cs
--------------------------------------------------------------------------------
/teslacrypt/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/teslacrypt/README.md
--------------------------------------------------------------------------------
/teslacrypt/deobfuscate_api_calls.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/teslacrypt/deobfuscate_api_calls.py
--------------------------------------------------------------------------------
/trapwot/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/trapwot/README.md
--------------------------------------------------------------------------------
/trapwot/stage_1/idapython_string_decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/trapwot/stage_1/idapython_string_decode.py
--------------------------------------------------------------------------------
/trapwot/stage_2/decrypt_parse_victim_info.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/trapwot/stage_2/decrypt_parse_victim_info.py
--------------------------------------------------------------------------------
/trapwot/stage_2/idapython_xxtea_string_decrypt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pan-unit42/public_tools/HEAD/trapwot/stage_2/idapython_xxtea_string_decrypt.py
--------------------------------------------------------------------------------