
2023-06-24 — Twitter (@embee_research) — Embee_research
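@comment{Underscores in the author and organization fields are escaped so they do not reach LaTeX as subscript characters; the url field is handled verbatim and needs no escaping.}
@online{embeeresearch:20230624:smokeloader:9b36b55,
  author       = {Embee\_research},
  title        = {{SmokeLoader - Malware Analysis and Decoding With Procmon}},
  date         = {2023-06-24},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/smokeloader-analysis-with-procmon/},
  urldate      = {2023-06-24},
  language     = {English},
}
SmokeLoader - Malware Analysis and Decoding With Procmon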
SmokeLoader
2022-10-25 — Medium walmartglobaltech — Jason Reaves
@online{reaves:20221025:brute:3e3f821,
  author       = {Jason Reaves},
  title        = {{Brute Ratel Config Decoding update}},
  date         = {2022-10-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/brute-ratel-config-decoding-update-7820455022cb},
  urldate      = {2023-01-31},
  language     = {English},
}
Brute Ratel Config Decoding update
Brute Ratel C4
2022-10-13 — Booz Allen Hamilton — Booz Allen Hamilton
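@comment{Corporate author braced as one indivisible name; without the extra braces BibTeX splits it into a first name "Booz Allen" and a last name "Hamilton".}
@techreport{hamilton:20221013:same:8e18bf4,
  author      = {{Booz Allen Hamilton}},
  title       = {{Same Cloak, More Dagger: Decoding how the People's Republic of China uses Cyberattacks}},
  date        = {2022-10-13},
  institution = {Booz Allen Hamilton},
  url         = {https://www.boozallen.com/content/dam/home/pdf/natsec/china-cyber-report.pdf},
  urldate     = {2022-10-24},
  language    = {English},
}
Same Cloak, More Dagger: Decoding how the People's Republic of China uses Cyberattacks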
2022-05-06 — Palo Alto Networks Unit 42 — Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220506:cobalt:8248108,
  author       = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj},
  title        = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding}},
  date         = {2022-05-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/},
  urldate      = {2022-05-09},
  language     = {English},
}
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
Cobalt Strike
2022-03-15 — Security Soup Blog — Ryan Campbell
@online{campbell:20220315:decoding:507512a,
  author       = {Ryan Campbell},
  title        = {{Decoding a DanaBot Downloader}},
  date         = {2022-03-15},
  organization = {Security Soup Blog},
  url          = {https://security-soup.net/decoding-a-danabot-downloader/},
  urldate      = {2022-03-28},
  language     = {English},
}
Decoding a DanaBot Downloader
DanaBot
2021-09-27 — Youtube (OALabs) — Sergei Frankoff
@online{frankoff:20210927:live:83ccb1f,
  author       = {Sergei Frankoff},
  title        = {{Live Coding A Squirrelwaffle Malware Config Extractor}},
  date         = {2021-09-27},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=9X2P7aFKSw0},
  urldate      = {2021-10-05},
  language     = {English},
}
Live Coding A Squirrelwaffle Malware Config Extractor
Squirrelwaffle
2021-09-07 — Medium walmartglobaltech — Jason Reaves
@online{reaves:20210907:decoding:bb6bf8e,
  author       = {Jason Reaves},
  title        = {{Decoding SmartAssembly strings, a Haron ransomware case study}},
  date         = {2021-09-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/decoding-smartassembly-strings-a-haron-ransomware-case-study-9d0c5af7080b},
  urldate      = {2021-09-09},
  language     = {English},
}
Decoding SmartAssembly strings, a Haron ransomware case study
Haron Ransomware
2021-07-08 — Avast Decoded — Threat Intelligence Team
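@comment{Team author braced as one indivisible name so it is not split into first name "Threat Intelligence" and last name "Team".}
@online{team:20210708:decoding:04acb98,
  author       = {{Threat Intelligence Team}},
  title        = {{Decoding Cobalt Strike: Understanding Payloads}},
  date         = {2021-07-08},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/},
  urldate      = {2021-07-08},
  language     = {English},
}
Decoding Cobalt Strike: Understanding Payloads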
Cobalt Strike Empire Downloader
2021-04-18 — YouTube (dist67) — Didier Stevens
@online{stevens:20210418:decoding:18e5319,
  author       = {Didier Stevens},
  title        = {{Decoding Cobalt Strike Traffic}},
  date         = {2021-04-18},
  organization = {YouTube (dist67)},
  url          = {https://www.youtube.com/watch?v=ysN-MqyIN7M},
  urldate      = {2021-04-20},
  language     = {English},
}
Decoding Cobalt Strike Traffic
Cobalt Strike
2021-02-02 — Trend Micro — Abraham Camba, Byron Gelera, Catherine Loveria
@online{camba:20210202:finding:67f5c6b,
  author       = {Abraham Camba and Byron Gelera and Catherine Loveria},
  title        = {{Finding and Decoding Multi-Step Obfuscated Malware}},
  date         = {2021-02-02},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/b/finding-multi-step-obfuscated-malware.html},
  urldate      = {2021-02-09},
  language     = {English},
}
Finding and Decoding Multi-Step Obfuscated Malware
2021-01-06 — SecureCoding — SecureCoding
@online{securecoding:20210106:all:105c1a5,
  author       = {SecureCoding},
  title        = {{All About Doki Malware}},
  date         = {2021-01-06},
  organization = {SecureCoding},
  url          = {https://www.securecoding.com/blog/all-about-doki-malware/},
  urldate      = {2021-01-29},
  language     = {English},
}
All About Doki Malware
Doki
2020-07-26 — Shells.System blog — Askar
@online{askar:20200726:inmemory:5556cad,
  author       = {Askar},
  title        = {{In-Memory shellcode decoding to evade AVs/EDRs}},
  date         = {2020-07-26},
  organization = {Shells.System blog},
  url          = {https://shells.systems/in-memory-shellcode-decoding-to-evade-avs/},
  urldate      = {2020-07-30},
  language     = {English},
}
In-Memory shellcode decoding to evade AVs/EDRs
Cobalt Strike
2018-04-20 — NCC Group — Nikolaos Pantazopoulos
@comment{Appears to be the same NCC Group article as pantazopoulos:20180417:decoding:7d5f713 (same author and title) recorded under a second URL and date; both keys are kept since either may already be cited, but the pair is worth checking as a duplicate.}
@online{pantazopoulos:20180420:decoding:b4ca1d1,
  author       = {Nikolaos Pantazopoulos},
  title        = {{Decoding network data from a Gh0st RAT variant}},
  date         = {2018-04-20},
  organization = {NCC Group},
  url          = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/},
  urldate      = {2022-10-07},
  language     = {English},
}
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-04-17 — NCC Group — Nikolaos Pantazopoulos
@comment{Appears to be the same NCC Group article as pantazopoulos:20180420:decoding:b4ca1d1 (same author and title) recorded under a different URL and date; both keys are kept since either may already be cited, but the pair is worth checking as a duplicate.}
@online{pantazopoulos:20180417:decoding:7d5f713,
  author       = {Nikolaos Pantazopoulos},
  title        = {{Decoding network data from a Gh0st RAT variant}},
  date         = {2018-04-17},
  organization = {NCC Group},
  url          = {https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/},
  urldate      = {2022-09-20},
  language     = {English},
}
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-02-26 — Secure coding and more blog — Antonio Parata
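@comment{The organization field is a name list in biblatex, so the literal " and " inside "Secure coding and more blog" would split it into two organizations; the extra braces keep it as one name.}
@online{parata:20180226:analyzing:07c666d,
  author       = {Antonio Parata},
  title        = {{Analyzing the nasty .NET protection of the Ploutus.D malware}},
  date         = {2018-02-26},
  organization = {{Secure coding and more blog}},
  url          = {http://antonioparata.blogspot.co.uk/2018/02/analyzing-nasty-net-protection-of.html},
  urldate      = {2020-01-06},
  language     = {English},
}
Analyzing the nasty .NET protection of the Ploutus.D malware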
Ploutus ATM
2017-04-17 — Github (countercept) — Luke Jennings
@online{jennings:20170417:python:d5a3654,
  author       = {Luke Jennings},
  title        = {{Python script for decoding DOUBLEPULSAR}},
  date         = {2017-04-17},
  organization = {Github (countercept)},
  url          = {https://github.com/countercept/doublepulsar-c2-traffic-decryptor},
  urldate      = {2020-01-08},
  language     = {English},
}
Python script for decoding DOUBLEPULSAR
2016-12-03 — Coding and Security — Coding, Security
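@comment{"Coding and Security" is one corporate name; author and organization are name lists split on " and ", so both are wrapped in an extra pair of braces to stop them being parsed as two names ("Coding" and "Security").}
@online{coding:20161203:sophisticated:af2cbb4,
  author       = {{Coding and Security}},
  title        = {{"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis}},
  date         = {2016-12-03},
  organization = {{Coding and Security}},
  url          = {https://www.codeandsec.com/Sophisticated-CyberWeapon-Shamoon-2-Malware-Analysis},
  urldate      = {2020-01-08},
  language     = {English},
}
"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis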
DistTrack
2016-08-30 — Palo Alto Networks Unit 42 — Jeff White
@online{white:20160830:pythons:10b7e3c,
  author       = {Jeff White},
  title        = {{Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation}},
  date         = {2016-08-30},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2016/08/unit42-pythons-and-unicorns-and-hancitoroh-my-decoding-binaries-through-emulation/},
  urldate      = {2019-12-20},
  language     = {English},
}
Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
2015-08-10 — Coding Stuffs — Sergio Paganoni
@online{paganoni:20150810:fobber:ac48fa7,
  author       = {Sergio Paganoni},
  title        = {{Fobber Code Decryption}},
  date         = {2015-08-10},
  organization = {Coding Stuffs},
  url          = {http://blog.wizche.ch/fobber/malware/analysis/2015/08/10/fobber-encryption.html},
  urldate      = {2020-01-10},
  language     = {English},
}
Fobber Code Decryption
Fobber
2014-08-01 — Coding and Security — Coding, Security
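@comment{"Coding and Security" is one corporate name; author and organization are name lists split on " and ", so both are wrapped in an extra pair of braces to stop them being parsed as two names ("Coding" and "Security").}
@online{coding:20140801:soraya:4e51b2f,
  author       = {{Coding and Security}},
  title        = {{Soraya Malware Analysis - Dropper}},
  date         = {2014-08-01},
  organization = {{Coding and Security}},
  url          = {https://www.codeandsec.com/Soraya-Malware-Analysis-Dropper},
  urldate      = {2020-01-09},
  language     = {English},
}
Soraya Malware Analysis - Dropper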
soraya