2023-10-18 | Twitter (@embee_research) | Embee_research
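% Author handle is one brace-wrapped name; underscores are escaped because a bare "_" in a typeset field fails outside math mode.
% Only proper nouns are brace-protected in the title; the rest is left for the bibliography style to case.
% NOTE(review): organization names Twitter while url points to the author's own blog; confirm which source is meant.
@online{embeeresearch:20231018:ghidra:1253f8d,
  author       = {{Embee\_research}},
  title        = {{Ghidra} Tutorial - Using Entropy To Locate a {Cobalt Strike} Decryption Function},
  date         = {2023-10-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/ghidra-entropy-analysis-locating-decryption-functions/},
  language     = {English},
  urldate      = {2023-10-20},
}
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function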
Cobalt Strike
2023-08-28 | Github (cocomelonc) | cocomelonc
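% Only the cipher and language names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{cocomelonc:20230828:malware:860380d,
  author       = {cocomelonc},
  title        = {Malware and cryptography 20: encrypt/decrypt payload via {Skipjack}. Simple {C++} example.},
  date         = {2023-08-28},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/malware/2023/08/28/malware-cryptography-20.html},
  language     = {English},
  urldate      = {2023-08-31},
}
Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.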
2023-08-15 | Github (muha2xmad) | Muhammad Hasan Ali
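% Only the malware family name is brace-protected in the title; the rest is left for the bibliography style to case.
% url is a commit-pinned blob link, so the referenced script cannot change underneath the citation.
@online{ali:20230815:stealc:4aa8523,
  author       = {Muhammad Hasan Ali},
  title        = {{StealC} string decryption},
  date         = {2023-08-15},
  organization = {Github (muha2xmad)},
  url          = {https://github.com/muha2xmad/Python/blob/bdc7a711d5a775f8ae47b591f20fdd2e1360b77b/Stealc/stealc_string_decryption.py},
  language     = {English},
  urldate      = {2023-08-25},
}
StealC string decryption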
Stealc
2023-08-13 | Github (cocomelonc) | cocomelonc
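% Only the cipher and language names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{cocomelonc:20230813:malware:1f15d71,
  author       = {cocomelonc},
  title        = {Malware and cryptography 1: encrypt/decrypt payload via {RC5}. Simple {C++} example.},
  date         = {2023-08-13},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/malware/2023/08/13/malware-cryptography-1.html},
  language     = {English},
  urldate      = {2023-08-31},
}
Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.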
2023-08-10 | Github (muha2xmad) | Muhammad Hasan Ali
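% Only the malware family name is brace-protected in the title; the rest is left for the bibliography style to case.
% url is a commit-pinned blob link, so the referenced script cannot change underneath the citation.
@online{ali:20230810:amadey:2b2dafc,
  author       = {Muhammad Hasan Ali},
  title        = {{Amadey} string decryptor},
  date         = {2023-08-10},
  organization = {Github (muha2xmad)},
  url          = {https://github.com/muha2xmad/Python/blob/bdc7a711d5a775f8ae47b591f20fdd2e1360b77b/Amadey/amadey_string_decryptor.py},
  language     = {English},
  urldate      = {2023-08-25},
}
Amadey string decryptor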
Amadey
2023-08-03 | OALabs | Sergei Frankoff
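% Only the language and tool names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{frankoff:20230803:golang:daf6565,
  author       = {Sergei Frankoff},
  title        = {{Golang} {Garble} String Decryption},
  date         = {2023-08-03},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/garble/go/obfuscation/strings/2023/08/03/garble.html},
  language     = {English},
  urldate      = {2023-08-07},
}
Golang Garble String Decryption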
Bandit Stealer
2023-06-29 | Avast Decoded | Threat Research Team
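% The author is a team, so it is double-braced to stop it being split into given and family name parts.
% Only the ransomware family name is brace-protected in the title; the rest is left for the bibliography style to case.
@online{team:20230629:decrypted:9d80eb8,
  author       = {{Threat Research Team}},
  title        = {Decrypted: {Akira} Ransomware},
  date         = {2023-06-29},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/},
  language     = {English},
  urldate      = {2023-07-02},
}
Decrypted: Akira Ransomware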
Akira
2023-06-26 | Github (cocomelonc) | cocomelonc
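% Only the acronym and language name are brace-protected in the title; the rest is left for the bibliography style to case.
@online{cocomelonc:20230626:malware:8c17615,
  author       = {cocomelonc},
  title        = {Malware {AV/VM} evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple {C++} example.},
  date         = {2023-06-26},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/malware/2023/06/26/malware-av-evasion-18.html},
  language     = {English},
  urldate      = {2023-07-05},
}
Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.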
2023-06-23 | Medium (Cryptax) | Axelle Apvrille
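% Only the packer names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{apvrille:20230623:inside:80ab43b,
  author       = {Axelle Apvrille},
  title        = {Inside {KangaPack}: the {Kangaroo} packer with native decryption},
  date         = {2023-06-23},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4},
  language     = {English},
  urldate      = {2023-06-26},
}
Inside KangaPack: the Kangaroo packer with native decryption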
FluHorse
2023-05-22 | kienmanowar Blog | m4n0w4r
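% The bracketed tag stays inside its own brace group so a leading "[" is never read as an optional argument.
% Beyond that, only the tool name is brace-protected in the title; the rest is left for the bibliography style to case.
@online{m4n0w4r:20230522:case:c053ed3,
  author       = {m4n0w4r},
  title        = {{[Case study]} Decrypt strings using {Dumpulator}},
  date         = {2023-05-22},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2023/05/22/case-study-decrypt-strings-using-dumpulator/},
  language     = {English},
  urldate      = {2023-05-25},
}
[Case study] Decrypt strings using Dumpulator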
2023-05-09 | Medium walmartglobaltech | Jason Reaves, Joshua Platt, Jonathan Mccay
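% Only the malware family name and the DGA acronym are brace-protected in the title; the rest is left for the bibliography style to case.
@online{reaves:20230509:metastealer:11ef397,
  author       = {Jason Reaves and Joshua Platt and Jonathan Mccay},
  title        = {{MetaStealer} string decryption and {DGA} overview},
  date         = {2023-05-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/metastealer-string-decryption-and-dga-overview-5f38f76830cd},
  language     = {English},
  urldate      = {2023-05-11},
}
MetaStealer string decryption and DGA overview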
MetaStealer
2023-04-24 | Immersive Labs | Kevin Breen
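% Only the framework name is brace-protected in the title; the rest is left for the bibliography style to case.
% NOTE(review): the title carries a literal en dash and curly apostrophe, so the file presumably needs a UTF-8-aware backend; confirm the toolchain.
@online{breen:20230424:detecting:613b1ad,
  author       = {Kevin Breen},
  title        = {Detecting and decrypting {Sliver C2} – a threat hunter’s guide},
  date         = {2023-04-24},
  organization = {Immersive Labs},
  url          = {https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/},
  language     = {English},
  urldate      = {2023-06-23},
}
Detecting and decrypting Sliver C2 – a threat hunter’s guide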
Sliver
2023-04-18 | ANY.RUN | ANY.RUN
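% The author is an organisation, so it is double-braced and treated as one indivisible name.
% Only the loader name is brace-protected in the title; the rest is left for the bibliography style to case.
@online{anyrun:20230418:privateloader:464df80,
  author       = {{ANY.RUN}},
  title        = {{PrivateLoader}: Analyzing the Encryption and Decryption of a Modern Loader},
  date         = {2023-04-18},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/},
  language     = {English},
  urldate      = {2023-05-26},
}
PrivateLoader: Analyzing the Encryption and Decryption of a Modern Loader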
PrivateLoader
2023-03-25 | kienmanowar Blog | Tran Trung Kien, m4n0w4r
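% The bracketed tag stays inside its own brace group so a leading "[" is never read as an optional argument.
% Beyond that, only the C2 acronym and the malware name are brace-protected in the title.
@online{kien:20230325:quicknote:c2b9de4,
  author       = {Tran Trung Kien and m4n0w4r},
  title        = {{[QuickNote]} Decrypting the {C2} configuration of {Warzone RAT}},
  date         = {2023-03-25},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2023/03/25/quicknote-decrypting-the-c2-configuration-of-warzone-rat/},
  language     = {English},
  urldate      = {2023-03-27},
}
[QuickNote] Decrypting the C2 configuration of Warzone RAT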
Ave Maria
2023-03-24 | cocomelonc | cocomelonc
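% Only acronyms, the cipher, vendor and language names are brace-protected in the title; the rest is left for the bibliography style to case.
% NOTE(review): organization is the bare handle while the url is on the cocomelonc.github.io host; confirm whether it should read Github (cocomelonc).
@online{cocomelonc:20230324:malware:972beff,
  author       = {cocomelonc},
  title        = {Malware {AV/VM} evasion - part 14: encrypt/decrypt payload via {A5/1}. Bypass {Kaspersky AV}. Simple {C++} example.},
  date         = {2023-03-24},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html},
  language     = {English},
  urldate      = {2023-03-30},
}
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.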
2023-03-21 | Github (rivitna) | Andrey Zhdanov
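% Only the ransomware family name is brace-protected in the title; the rest is left for the bibliography style to case.
% NOTE(review): url follows the main branch, which can change after urldate; prefer a commit-pinned permalink when citing these scripts.
@online{zhdanov:20230321:blackcat:2da310d,
  author       = {Andrey Zhdanov},
  title        = {{BlackCat} v3 Decryptor Scripts},
  date         = {2023-03-21},
  organization = {Github (rivitna)},
  url          = {https://github.com/rivitna/Malware/tree/main/BlackCat/ALPHV3},
  language     = {English},
  urldate      = {2023-03-22},
}
BlackCat v3 Decryptor Scripts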
BlackCat BlackCat
2023-03-09 | Github (cocomelonc) | cocomelonc
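% Only the acronym, cipher and language names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{cocomelonc:20230309:malware:fe37ea5,
  author       = {cocomelonc},
  title        = {Malware {AV/VM} evasion - part 13: encrypt/decrypt payload via {Madryga}. Simple {C++} example.},
  date         = {2023-03-09},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/malware/2023/03/09/malware-av-evasion-13.html},
  language     = {English},
  urldate      = {2023-03-30},
}
Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.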
2023-02-28 | ANY.RUN | ANY.RUN
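% The author is an organisation, so it is double-braced and treated as one indivisible name.
% Only the malware family names are brace-protected in the title; the rest is left for the bibliography style to case.
@online{anyrun:20230228:xloaderformbook:bdcb64a,
  author       = {{ANY.RUN}},
  title        = {{XLoader/FormBook}: Encryption Analysis and Malware Decryption},
  date         = {2023-02-28},
  organization = {ANY.RUN},
  url          = {https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/},
  language     = {English},
  urldate      = {2023-09-07},
}
XLoader/FormBook: Encryption Analysis and Malware Decryption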
Formbook
2023-02-14 | Github (clairelevin) | Claire Levin
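% Only the ransomware family name is brace-protected in the title; the rest is left for the bibliography style to case.
@online{levin:20230214:writing:acb4846,
  author       = {Claire Levin},
  title        = {Writing a decryptor for {Jaff} ransomware},
  date         = {2023-02-14},
  organization = {Github (clairelevin)},
  url          = {https://clairelevin.github.io/malware/2023/02/14/jaff.html},
  language     = {English},
  urldate      = {2023-02-21},
}
Writing a decryptor for Jaff ransomware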
Jaff
2023-02-07 | HelpNetSecurity | Zeljka Zorz
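% Only the ransomware family and platform names are brace-protected in the title; the rest is left for the bibliography style to case.
% NOTE(review): the title carries a literal curly apostrophe, so the file presumably needs a UTF-8-aware backend; confirm the toolchain.
@online{zorz:20230207:released:d60ac1e,
  author       = {Zeljka Zorz},
  title        = {Released: Decryptor for {Cl0p} ransomware’s {Linux} variant},
  date         = {2023-02-07},
  organization = {HelpNetSecurity},
  url          = {https://www.helpnetsecurity.com/2023/02/07/cl0p-ransomware-decryptor-linux/},
  language     = {English},
  urldate      = {2023-02-09},
}
Released: Decryptor for Cl0p ransomware’s Linux variant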
Clop