add Bitpaymer decryption script
ITAYC0HEN committed Jun 27, 2019
1 parent 05a3763 commit 69410b9
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion README.md
Expand Up @@ -5,12 +5,14 @@ Want to build your own Plugin for Cutter, or to port an existing one? Follow the


## Table of Contents

- [Cutter Plugins](#Cutter-Plugins)
- [Table of Contents](#Table-of-Contents)
- [Integrations](#Integrations)
- [Jupyter Plugin](#Jupyter-Plugin)
- [Malware Analysis](#Malware-Analysis)
- [APT32 Graph Deobfuscator](#APT32-Graph-Deobfuscator)
- [Dropshot / StoneDrill Decrypter](#Dropshot--StoneDrill-Decrypter)
- [Deobfuscate Bitpaymer API Calls](#Deobfuscate-Bitpaymer-API-Calls)
- [Coverage](#Coverage)
- [CutterDRcov](#CutterDRcov)
- [Cutter Lighthouse](#Cutter-Lighthouse)
Expand Down Expand Up @@ -40,32 +42,40 @@ This is a python plugin for Cutter that is compatible as an r2pipe script for
radare2 as well. The plugin will help reverse engineers to deobfuscate and remove
junk blocks from APT32 (Ocean Lotus) samples.

**Type**: Plugin
**Status**: Maintained
**Article**: [APT32 Flow Graphs with Cutter and Radare2](https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/)


### [Dropshot / StoneDrill Decrypter](https://github.com/ITAYC0HEN/A-journey-into-Radare2/blob/master/Part%203%20-%20Malware%20analysis/decrypt_dropshot.py)
This is an r2pipe based script that is used to decrypt strings and resources in the Dropshot APT malware.

**Type**: Script
**Status**: Maintained
**Articles**:
- [Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1](https://www.megabeets.net/decrypting-dropshot-with-radare2-and-cutter-part-1)
- [Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2](https://www.megabeets.net/decrypting-dropshot-with-radare2-and-cutter-part-2)


### [Deobfuscate Bitpaymer API Calls](https://github.com/mauronz/malware_analysis/blob/master/deobf_bitpaymer_cutter.py)
Deobfuscation script of API calls in Bitpaymer (v2)

**Type**: Script
**Reference**: https://twitter.com/FraMauronz/status/1005138478261309440

## Coverage

### [CutterDRcov](https://github.com/oddcoder/CutterDRcov)
CutterDrcov is code coverage plugin that visualizes DynamoRIO drcov into Cutter static analysis.

**Type**: Plugin
**Status**: Maintained

### [Cutter Lighthouse](https://github.com/gaasedelen/lighthouse)

This is still a work in progress on this [Pull Request](https://github.com/gaasedelen/lighthouse/pull/65).

**Type**: Plugin
**Status**: WIP


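Review bot: the new "Deobfuscate Bitpaymer API Calls" entry is missing the `**Status**:` line that every other entry in this file carries (`**Type**: Script` is immediately followed by `**Reference**:`); add a status so the list stays uniform and the maintenance state of the script is visible to readers. Two smaller points in the same block: the one-line description `Deobfuscation script of API calls in Bitpaymer (v2)` should say what obfuscation the script undoes rather than only naming the target, and the reference is a bare Twitter URL while the neighbouring entries link their references with a descriptive title in a markdown link, so `**Reference**: [title](https://twitter.com/FraMauronz/status/1005138478261309440)` would match the surrounding style. The commit message says "decryption script" but the entry itself is typed and described as a deobfuscation script; one of the two should be aligned.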
Expand All @@ -75,6 +85,7 @@ This is still a work in progress on this [Pull Request](https://github.com/gaase

A plugin for Cutter that shows the information about the assembly instruction currently selected (only for x86 and x64)

**Type**: Plugin
**Status**: Maintained


Expand All @@ -85,11 +96,13 @@ A plugin for Cutter that shows the information about the assembly instruction cu
### [Cutter Deep Graphs](https://github.com/JavierYuste/radare2-deep-graph)
A Cutter plugin to generate radare2 graphs. It also provides a new graph called Deep callgraph, which builds an in-depth callgraph from the current function, adding recursively its callees' callings.

**Type**: Plugin
**Status**: Maintained


## Misc
### [Cutter plugin templates](https://github.com/radareorg/cutter/tree/master/src/plugins)
Python and C++ sample plugins to start with.

**Type**: Plugin
**Status**: Maintained

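Review bot: section spacing is inconsistent in the lines touched here: `## Misc` is preceded by two blank lines but its subsection `### [Cutter plugin templates]` follows it with no blank line at all, whereas the other `##` headings in the file (`## Coverage`) are separated from their first `###` entry by a blank line. Pick one convention (a single blank line before and after each `##` heading is the common one) and apply it here as well.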