stoQ plugin that decodes XOR encoded payloads.
This plugin is designed to be used with Dispatching plugins that support XOR key extraction, such as the yara plugin. Dispatchers must provide a xorkey key in DispatcherResponse.meta. This plugin searches the DispatcherResponse.meta object for keys named xorkey. Once found, it uses the xorkey values in an attempt to XOR decode the payload. The xorkey values must be an integer, a string, or a list of strings or integers. If a list is provided, this plugin will use rolling XOR to decode the payload.
No configuration options are required.
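
The key handling described above, as an added example that is not the plugin's own code. It assumes that rolling XOR means cycling through the key elements byte by byte, that string keys are used as their UTF-8 bytes, and that a plain dict stands in for DispatcherResponse.meta; the function names, the sample meta layout and the rule name are hypothetical.

```python
from itertools import cycle
from typing import Iterator, List, Union

XorKey = Union[int, str, List[Union[int, str]]]

def key_bytes(xorkey: XorKey) -> bytes:
    """Flatten an int, str, or list of ints/strs into key bytes (assumed mapping)."""
    parts = xorkey if isinstance(xorkey, list) else [xorkey]
    out = bytearray()
    for part in parts:
        if isinstance(part, bool) or not isinstance(part, (int, str)):
            raise TypeError(f"unsupported xorkey element: {part!r}")
        if isinstance(part, int):
            if not 0 <= part <= 0xFF:
                raise ValueError(f"integer key {part} is not a single byte")
            out.append(part)
        else:
            out.extend(part.encode("utf-8"))
    if not out:
        raise ValueError("empty xorkey")
    return bytes(out)

def xor_decode(payload: bytes, xorkey: XorKey) -> bytes:
    """XOR every payload byte with the key, cycling through the key bytes."""
    return bytes(b ^ k for b, k in zip(payload, cycle(key_bytes(xorkey))))

def find_xorkeys(meta: dict) -> Iterator[XorKey]:
    """Yield every value stored under a 'xorkey' key, at any nesting depth."""
    for name, value in meta.items():
        if name == "xorkey":
            yield value
        elif isinstance(value, dict):
            yield from find_xorkeys(value)

def decode_candidates(payload: bytes, meta: dict) -> List[bytes]:
    """Return one decoded candidate per xorkey found in meta."""
    return [xor_decode(payload, key) for key in find_xorkeys(meta)]

# Constructed sample: a dispatcher-style meta dict and a payload encoded
# with the same rolling key (XOR is its own inverse).
SAMPLE_META = {"yara": {"rule": "xor_stub", "xorkey": [0x10, 0x20, 0x30]}}
SAMPLE_PAYLOAD = xor_decode(b"This program cannot be run in DOS mode", [0x10, 0x20, 0x30])

if __name__ == "__main__":
    for candidate in decode_candidates(SAMPLE_PAYLOAD, SAMPLE_META):
        print(candidate)
```

An extracted key is only a candidate, so check the decoded output (for example against a known file header) before treating it as the real payload.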