JupyterDecoders

Various decoders related to Jupyter malware.

Primary language: Python

The JupyterAESDecoder.py script targets a persistent command that Jupyter often deploys into shell extension handlers. The script assumes that you have:

  • the base64-encoded file that Jupyter often stores on disk
  • the AES key stored in the persistent command

Usage:

    python JupyterAESdecoder.py --key <AES_key> --file <path_to_file>

The logic that is imitated can be seen here: [image]

An equivalent CyberChef recipe can be seen here: [image]