
2021-11-21 · Cyber-Anubis · Nidal Fikri
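% The ampersand in the title is escaped so the field typesets under LaTeX.
% NOTE(review): "Drdiex" is kept as recorded; the URL and the family tag spell it "Dridex" - confirm against the post.
@online{fikri:20211121:drdiex:b9218fa,
  author       = {Fikri, Nidal},
  title        = {{Drdiex Trojan | Defeating Anti-Analysis | Strings Decryption | C\&C Extraction}},
  organization = {Cyber-Anubis},
  date         = {2021-11-21},
  url          = {https://cyber-anubis.github.io/malware%20analysis/dridex/},
  urldate      = {2021-11-25},
  language     = {English},
}
Drdiex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction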
DoppelDridex Dridex
2021-11-18 · Twitter (@tccontre18) · Br3akp0int
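% The ampersand in the title is escaped so the field typesets under LaTeX.
@online{br3akp0int:20211118:how:02114e2,
  author       = {Br3akp0int},
  title        = {{Tweet on how to decrypt 4 layers of encryption \& obfuscation of vjw0rm}},
  organization = {Twitter (@tccontre18)},
  date         = {2021-11-18},
  url          = {https://twitter.com/tccontre18/status/1461386178528264204},
  urldate      = {2021-11-19},
  language     = {English},
}
Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm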
Vjw0rm
2021-11-17 · nviso · Didier Stevens
@online{stevens:20211117:cobalt:0b6ecf5,
  author       = {Stevens, Didier},
  title        = {{Cobalt Strike: Decrypting Obfuscated Traffic – Part 4}},
  organization = {nviso},
  date         = {2021-11-17},
  url          = {https://blog.nviso.eu/2021/11/17/cobalt-strike-decrypting-obfuscated-traffic-part-4/},
  urldate      = {2021-11-18},
  language     = {English},
}
Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike
2021-11-13 · YouTube (AGDC Services) · AGDC Services
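% Channel name treated as an institutional author: the inner braces keep it as
% one unit instead of splitting it into given and family parts.
@online{services:20211113:automate:487e01f,
  author       = {{AGDC Services}},
  title        = {{Automate Qbot Malware String Decryption With Ghidra Script}},
  organization = {YouTube (AGDC Services)},
  date         = {2021-11-13},
  url          = {https://www.youtube.com/watch?v=4I0LF8Vm7SI},
  urldate      = {2021-11-19},
  language     = {English},
}
Automate Qbot Malware String Decryption With Ghidra Script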
QakBot
2021-11-03 · nviso · Didier Stevens
@online{stevens:20211103:cobalt:8f8223d,
  author       = {Stevens, Didier},
  title        = {{Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3}},
  organization = {nviso},
  date         = {2021-11-03},
  url          = {https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/},
  urldate      = {2021-11-08},
  language     = {English},
}
Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-10-30 · YouTube ( DuMp-GuY TrIcKsTeR) · Jiří Vinopal
@online{vinopal:20211030:reversing:ce96b92,
  author       = {Vinopal, Jiří},
  title        = {{Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks}},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  date         = {2021-10-30},
  url          = {https://youtu.be/oYLs6wuoOfg},
  urldate      = {2021-11-26},
  language     = {English},
}
Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks
Povlsomware
2021-10-27 · nviso · Didier Stevens
@online{stevens:20211027:cobalt:b91181a,
  author       = {Stevens, Didier},
  title        = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2}},
  organization = {nviso},
  date         = {2021-10-27},
  url          = {https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/},
  urldate      = {2021-11-03},
  language     = {English},
}
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
Cobalt Strike
2021-10-27 · Avast Decoded · Avast
@online{avast:20211027:avast:6b44ea1,
  author       = {Avast},
  title        = {{Avast releases decryptor for AtomSilo and LockFile ransomware}},
  organization = {Avast Decoded},
  date         = {2021-10-27},
  url          = {https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/},
  urldate      = {2021-11-08},
  language     = {English},
}
Avast releases decryptor for AtomSilo and LockFile ransomware
ATOMSILO LockFile
2021-10-21 · nviso · Didier Stevens
@online{stevens:20211021:cobalt:bfc8702,
  author       = {Stevens, Didier},
  title        = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1}},
  organization = {nviso},
  date         = {2021-10-21},
  url          = {https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/},
  urldate      = {2021-10-26},
  language     = {English},
}
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Cobalt Strike
2021-09-22 · Secureworks · Counter Threat Unit ResearchTeam
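% Institutional author: the inner braces keep the name as one unit instead of
% splitting it into given and family parts.
% NOTE(review): "ResearchTeam" is kept as recorded; it may be meant as "Research Team" - confirm against the source.
@online{researchteam:20210922:revil:5b97baf,
  author       = {{Counter Threat Unit ResearchTeam}},
  title        = {{REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released}},
  organization = {Secureworks},
  date         = {2021-09-22},
  url          = {https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released},
  urldate      = {2021-09-28},
  language     = {English},
}
REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released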
REvil REvil
2021-09-21 · Washington Post · Ellen Nakashima, Rachel Lerman
@online{nakashima:20210921:fbi:ce8f168,
  author       = {Nakashima, Ellen and Lerman, Rachel},
  title        = {{FBI held back ransomware decryption key from businesses to run operation targeting hackers}},
  organization = {Washington Post},
  date         = {2021-09-21},
  url          = {https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html},
  urldate      = {2021-10-05},
  language     = {English},
}
FBI held back ransomware decryption key from businesses to run operation targeting hackers
REvil
2021-09-08 · US Department of Justice · US Department of Justice
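% Institutional author: the inner braces keep the name as one unit; without
% them "of" is read as a name particle and "Justice" as the family name.
@online{justice:20210908:ukrainian:493bf23,
  author       = {{US Department of Justice}},
  title        = {{Ukrainian Cyber Criminal Extradited For Decrypting The Credentials Of Thousands Of Computers Across The World And Selling Them On A Dark Web Website (Glib Oleksandr Ivanov-Tolpintsev)}},
  organization = {US Department of Justice},
  date         = {2021-09-08},
  url          = {https://www.justice.gov/usao-mdfl/pr/ukrainian-cyber-criminal-extradited-decrypting-credentials-thousands-computers-across},
  urldate      = {2021-09-10},
  language     = {English},
}
Ukrainian Cyber Criminal Extradited For Decrypting The Credentials Of Thousands Of Computers Across The World And Selling Them On A Dark Web Website (Glib Oleksandr Ivanov-Tolpintsev)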
2021-08-26 · Bleeping Computer · Ionut Ilascu
@online{ilascu:20210826:ragnarok:71e3d60,
  author       = {Ilascu, Ionut},
  title        = {{Ragnarok ransomware releases master decryptor after shutdown}},
  organization = {Bleeping Computer},
  date         = {2021-08-26},
  url          = {https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/},
  urldate      = {2021-08-31},
  language     = {English},
}
Ragnarok ransomware releases master decryptor after shutdown
Ragnarok
2021-08-12 · The Record · Catalin Cimpanu
@online{cimpanu:20210812:synack:c4109da,
  author       = {Cimpanu, Catalin},
  title        = {{SynAck ransomware gang releases decryption keys for old victims}},
  organization = {The Record},
  date         = {2021-08-12},
  url          = {https://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/},
  urldate      = {2021-08-15},
  language     = {English},
}
SynAck ransomware gang releases decryption keys for old victims
SynAck
2021-08-11 · BleepingComputer · Lawrence Abrams
@online{abrams:20210811:kaseyas:93f86e6,
  author       = {Abrams, Lawrence},
  title        = {{Kaseya's universal REvil decryption key leaked on a hacking forum}},
  organization = {BleepingComputer},
  date         = {2021-08-11},
  url          = {https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/},
  urldate      = {2021-08-16},
  language     = {English},
}
Kaseya's universal REvil decryption key leaked on a hacking forum
REvil
2021-08-01 · The Record · Catalin Cimpanu
@online{cimpanu:20210801:decryptor:5f67ec8,
  author       = {Cimpanu, Catalin},
  title        = {{Decryptor released for Prometheus ransomware victims}},
  organization = {The Record},
  date         = {2021-08-01},
  url          = {https://therecord.media/decryptor-released-for-prometheus-ransomware-victims/},
  urldate      = {2021-08-06},
  language     = {English},
}
Decryptor released for Prometheus ransomware victims
Prometheus
2021-07-30 · Medium walmartglobaltech · Jason Reaves
@online{reaves:20210730:decrypting:0b08389,
  author       = {Reaves, Jason},
  title        = {{Decrypting BazarLoader strings with a Unicorn}},
  organization = {Medium walmartglobaltech},
  date         = {2021-07-30},
  url          = {https://medium.com/walmartglobaltech/decrypting-bazarloader-strings-with-a-unicorn-15d2585272a9},
  urldate      = {2021-08-02},
  language     = {English},
}
Decrypting BazarLoader strings with a Unicorn
BazarBackdoor
2021-07-25 · Max Kersten's Blog · Max Kersten
@online{kersten:20210725:ghidra:00c108d,
  author       = {Kersten, Max},
  title        = {{Ghidra script to decrypt a string array in XOR DDoS}},
  organization = {Max Kersten's Blog},
  date         = {2021-07-25},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-decrypt-a-string-array-in-xor-ddos/},
  urldate      = {2021-08-02},
  language     = {English},
}
Ghidra script to decrypt a string array in XOR DDoS
XOR DDoS
2021-07-22 · Bleeping Computer · Lawrence Abrams
@online{abrams:20210722:kaseya:7ec0805,
  author       = {Abrams, Lawrence},
  title        = {{Kaseya obtains universal decryptor for REvil ransomware victims}},
  organization = {Bleeping Computer},
  date         = {2021-07-22},
  url          = {https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/},
  urldate      = {2021-07-26},
  language     = {English},
}
Kaseya obtains universal decryptor for REvil ransomware victims
REvil
2021-07-13 · Medium CyCraft · CyCraft Technology Corp
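% Institutional author: the inner braces keep the company name as one unit
% instead of splitting it into given and family parts.
@online{corp:20210713:prometheus:bd4e53b,
  author       = {{CyCraft Technology Corp}},
  title        = {{Prometheus Ransomware Decryptor}},
  organization = {Medium CyCraft},
  date         = {2021-07-13},
  url          = {https://medium.com/cycraft/prometheus-decryptor-6933e7bac1ea},
  urldate      = {2021-08-02},
  language     = {English},
}
Prometheus Ransomware Decryptor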
Prometheus