Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-25Medium walmartglobaltechJason Reaves
@online{reaves:20221025:brute:3e3f821, author = {Jason Reaves}, title = {{Brute Ratel Config Decoding update}}, date = {2022-10-25}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/brute-ratel-config-decoding-update-7820455022cb}, language = {English}, urldate = {2023-01-31} } Brute Ratel Config Decoding update
Brute Ratel C4
2022-09-30Medium walmartglobaltechJason Reaves, Jonathan Mccay
@online{reaves:20220930:diavol:d72ab2a, author = {Jason Reaves and Jonathan Mccay}, title = {{Diavol resurfaces}}, date = {2022-09-30}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922}, language = {English}, urldate = {2022-10-05} } Diavol resurfaces
Diavol
2022-08-11Medium walmartglobaltechJason Reaves
@online{reaves:20220811:state:ef0fd3c, author = {Jason Reaves}, title = {{State of the Remote Access Tools, Part 1}}, date = {2022-08-11}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f}, language = {English}, urldate = {2022-09-12} } State of the Remote Access Tools, Part 1
2022-08-09Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220809:pivoting:7afbaea, author = {Jason Reaves and Joshua Platt}, title = {{Pivoting on a SharpExt to profile Kimusky panels for great good}}, date = {2022-08-09}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/pivoting-on-a-sharpext-to-profile-kimusky-panels-for-great-good-1920dc1bcef9}, language = {English}, urldate = {2022-08-11} } Pivoting on a SharpExt to profile Kimusky panels for great good
2022-08-04Medium walmartglobaltechJoshua Platt, Jason Reaves
@online{platt:20220804:icedid:546c931, author = {Joshua Platt and Jason Reaves}, title = {{IcedID leverages PrivateLoader}}, date = {2022-08-04}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/icedid-leverages-privateloader-7744771bf87f}, language = {English}, urldate = {2022-08-11} } IcedID leverages PrivateLoader
IcedID PrivateLoader
2022-06-02Twitter (@sysopfb)Jason Reaves
@online{reaves:20220602:tweets:b70da25, author = {Jason Reaves}, title = {{Tweets on UpdateAgent - GolangVersion}}, date = {2022-06-02}, organization = {Twitter (@sysopfb)}, url = {https://twitter.com/sysopfb/status/1532442456343691273}, language = {English}, urldate = {2022-06-04} } Tweets on UpdateAgent - GolangVersion
UpdateAgent
2022-05-25Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220525:socgholish:f876e0e, author = {Jason Reaves and Joshua Platt}, title = {{SocGholish Campaigns and Initial Access Kit}}, date = {2022-05-25}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee}, language = {English}, urldate = {2022-06-02} } SocGholish Campaigns and Initial Access Kit
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-04-15Medium walmartglobaltechJason Reaves
@online{reaves:20220415:revisiting:94c149c, author = {Jason Reaves}, title = {{Revisiting BatLoader C2 structure}}, date = {2022-04-15}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/revisiting-batloader-c2-structure-52f46ff9893a}, language = {English}, urldate = {2023-01-31} } Revisiting BatLoader C2 structure
BATLOADER
2022-03-28Medium walmartglobaltechJason Reaves
@online{reaves:20220328:cobaltstrike:65362d3, author = {Jason Reaves}, title = {{CobaltStrike UUID stager}}, date = {2022-03-28}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/cobaltstrike-uuid-stager-ca7e82f7bb64}, language = {English}, urldate = {2022-04-05} } CobaltStrike UUID stager
Cobalt Strike
2022-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220310:diavol:2a6514a, author = {Jason Reaves and Joshua Platt}, title = {{Diavol the Enigma of Ransomware}}, date = {2022-03-10}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648}, language = {English}, urldate = {2022-03-14} } Diavol the Enigma of Ransomware
Diavol
2022-02-14Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220214:privateloader:e7e062e, author = {Jason Reaves and Joshua Platt}, title = {{PrivateLoader to Anubis Loader}}, date = {2022-02-14}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e}, language = {English}, urldate = {2022-08-05} } PrivateLoader to Anubis Loader
Anubis Loader PrivateLoader
2022-02-01Medium walmartglobaltechJoshua Platt, Jonathan Mccay, Jason Reaves
@online{platt:20220201:sugar:ba25cd3, author = {Joshua Platt and Jonathan Mccay and Jason Reaves}, title = {{Sugar Ransomware, a new RaaS}}, date = {2022-02-01}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb}, language = {English}, urldate = {2022-02-02} } Sugar Ransomware, a new RaaS
Sugar
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20220111:signed:0f32583, author = {Jason Reaves and Joshua Platt}, title = {{Signed DLL campaigns as a service}}, date = {2022-01-11}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/signed-dll-campaigns-as-a-service-7760ac676489}, language = {English}, urldate = {2023-01-31} } Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader
2021-10-14Medium walmartglobaltechJason Reaves
@online{reaves:20211014:investigation:29ef29c, author = {Jason Reaves}, title = {{Investigation into the state of NIM malware Part 2}}, date = {2021-10-14}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-part-2-a28bffffa671}, language = {English}, urldate = {2021-12-15} } Investigation into the state of NIM malware Part 2
Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware)
2021-09-07Medium walmartglobaltechJason Reaves
@online{reaves:20210907:decoding:bb6bf8e, author = {Jason Reaves}, title = {{Decoding SmartAssembly strings, a Haron ransomware case study}}, date = {2021-09-07}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/decoding-smartassembly-strings-a-haron-ransomware-case-study-9d0c5af7080b}, language = {English}, urldate = {2021-09-09} } Decoding SmartAssembly strings, a Haron ransomware case study
Haron Ransomware
2021-08-19Medium walmartglobaltechJason Reaves
@online{reaves:20210819:looking:361ca2d, author = {Jason Reaves}, title = {{Looking at the new Krypton crypter and recent Data Exfiltrator Samples}}, date = {2021-08-19}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/looking-at-the-new-krypton-crypter-and-recent-data-exfiltrator-samples-4c484875cf70}, language = {English}, urldate = {2021-09-06} } Looking at the new Krypton crypter and recent Data Exfiltrator Samples
2021-08-03Twitter (@sysopfb)Jason Reaves
@online{reaves:20210803:python:3eef2f9, author = {Jason Reaves}, title = {{Tweet on python script to decode the blob from Blackmatter ransomware}}, date = {2021-08-03}, organization = {Twitter (@sysopfb)}, url = {https://twitter.com/sysopfb/status/1422280887274639375}, language = {English}, urldate = {2021-08-06} } Tweet on python script to decode the blob from Blackmatter ransomware
DarkSide
2021-07-30Medium walmartglobaltechJason Reaves
@online{reaves:20210730:decrypting:0b08389, author = {Jason Reaves}, title = {{Decrypting BazarLoader strings with a Unicorn}}, date = {2021-07-30}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/decrypting-bazarloader-strings-with-a-unicorn-15d2585272a9}, language = {English}, urldate = {2021-08-02} } Decrypting BazarLoader strings with a Unicorn
BazarBackdoor
2021-07-08Medium walmartglobaltechJason Reaves, Harold Ogden
@online{reaves:20210708:amadey:0deeb3d, author = {Jason Reaves and Harold Ogden}, title = {{Amadey stealer plugin adds Mikrotik and Outlook harvesting}}, date = {2021-07-08}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/amadey-stealer-plugin-adds-mikrotik-and-outlook-harvesting-518efe724ce4}, language = {English}, urldate = {2021-07-11} } Amadey stealer plugin adds Mikrotik and Outlook harvesting
Amadey
2021-07-06Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20210706:ta505:35e0dbc, author = {Jason Reaves and Joshua Platt}, title = {{TA505 adds GoLang crypter for delivering miners and ServHelper}}, date = {2021-07-06}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/ta505-adds-golang-crypter-for-delivering-miners-and-servhelper-af70b26a6e56}, language = {English}, urldate = {2021-07-11} } TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper