2023-03-25 | kienmanowar Blog | Tran Trung Kien, m4n0w4r
@online{kien:20230325:quicknote:c2b9de4,
  author       = {Tran Trung Kien and m4n0w4r},
  title        = {{[QuickNote] Decrypting the C2 configuration of Warzone RAT}},
  date         = {2023-03-25},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2023/03/25/quicknote-decrypting-the-c2-configuration-of-warzone-rat/},
  language     = {English},
  urldate      = {2023-03-27},
}
[QuickNote] Decrypting the C2 configuration of Warzone RAT
Ave Maria
2023-03-24 | cocomelonc | cocomelonc
@online{cocomelonc:20230324:malware:972beff,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.}},
  date         = {2023-03-24},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html},
  language     = {English},
  urldate      = {2023-03-30},
}
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
2023-03-21 | Github (rivitna) | Andrey Zhdanov
@online{zhdanov:20230321:blackcat:2da310d,
  author       = {Andrey Zhdanov},
  title        = {{BlackCat v3 Decryptor Scripts}},
  date         = {2023-03-21},
  organization = {Github (rivitna)},
  url          = {https://github.com/rivitna/Malware/tree/main/BlackCat/ALPHV3},
  language     = {English},
  urldate      = {2023-03-22},
}
BlackCat v3 Decryptor Scripts
BlackCat BlackCat
2023-03-09 | Github (cocomelonc) | cocomelonc
@online{cocomelonc:20230309:malware:fe37ea5,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.}},
  date         = {2023-03-09},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/malware/2023/03/09/malware-av-evasion-13.html},
  language     = {English},
  urldate      = {2023-03-30},
}
Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.
2023-02-14 | Github (clairelevin) | Claire Levin
@online{levin:20230214:writing:acb4846,
  author       = {Claire Levin},
  title        = {{Writing a decryptor for Jaff ransomware}},
  date         = {2023-02-14},
  organization = {Github (clairelevin)},
  url          = {https://clairelevin.github.io/malware/2023/02/14/jaff.html},
  language     = {English},
  urldate      = {2023-02-21},
}
Writing a decryptor for Jaff ransomware
Jaff
2023-02-07 | HelpNetSecurity | Zeljka Zorz
@online{zorz:20230207:released:d60ac1e,
  author       = {Zeljka Zorz},
  title        = {{Released: Decryptor for Cl0p ransomware’s Linux variant}},
  date         = {2023-02-07},
  organization = {HelpNetSecurity},
  url          = {https://www.helpnetsecurity.com/2023/02/07/cl0p-ransomware-decryptor-linux/},
  language     = {English},
  urldate      = {2023-02-09},
}
Released: Decryptor for Cl0p ransomware’s Linux variant
Clop
2023-02-07 | SentinelOne | Antonis Terefos
@online{terefos:20230207:cl0p:dfa5c77,
  author       = {Antonis Terefos},
  title        = {{Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available}},
  date         = {2023-02-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/},
  language     = {English},
  urldate      = {2023-02-09},
}
Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
Clop
2023-01-05 | Bleeping Computer | Bill Toulas
@online{toulas:20230105:bitdefender:dc76b2a,
  author       = {Bill Toulas},
  title        = {{Bitdefender releases free MegaCortex ransomware decryptor}},
  date         = {2023-01-05},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/},
  language     = {English},
  urldate      = {2023-01-06},
}
Bitdefender releases free MegaCortex ransomware decryptor
MegaCortex
2022-11-28 | Github (reecdeep) | reecdeep
@online{reecdeep:20221128:hivev5:ddd645c,
  author       = {reecdeep},
  title        = {{HiveV5 file decryptor PoC}},
  date         = {2022-11-28},
  organization = {Github (reecdeep)},
  url          = {https://github.com/reecdeep/HiveV5_file_decryptor},
  language     = {English},
  urldate      = {2022-12-29},
}
HiveV5 file decryptor PoC
Hive Hive
2022-11-21 | Github (larsborn) | Lars Wallenborn
@online{wallenborn:20221121:tofsee:8a0c345,
  author       = {Lars Wallenborn},
  title        = {{Tofsee String Decryption Code}},
  date         = {2022-11-21},
  organization = {Github (larsborn)},
  url          = {https://gist.github.com/larsborn/0ec24d7b294248c51de0c3335802cbd4},
  language     = {English},
  urldate      = {2022-11-25},
}
Tofsee String Decryption Code
Tofsee
2022-10-17 | Malverse | greenplan
@online{greenplan:20221017:stack:5c74181,
  author       = {greenplan},
  title        = {{Stack String Decryption with Ghidra Emulator (Orchard)}},
  date         = {2022-10-17},
  organization = {Malverse},
  url          = {https://malverse.it/stack-string-decryptor-con-ghidra-emulator-orchard},
  language     = {Italian},
  urldate      = {2022-10-18},
}
Stack String Decryption with Ghidra Emulator (Orchard)
Orchard
2022-09-26 | K7 Security | Gaurav Yadav
@online{yadav:20220926:dcdcrypt:b3ac294,
  author       = {Gaurav Yadav},
  title        = {{DcDcrypt Ransomware Decryptor}},
  date         = {2022-09-26},
  organization = {K7 Security},
  url          = {https://labs.k7computing.com/index.php/dcdcrypt-ransomware-decryptor/},
  language     = {English},
  urldate      = {2022-09-30},
}
DcDcrypt Ransomware Decryptor
DcDcrypt
2022-07-13 | Palo Alto Networks Unit 42 | Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220713:cobalt:dd907c3,
  author       = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj},
  title        = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption}},
  date         = {2022-07-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/},
  language     = {English},
  urldate      = {2022-07-15},
}
Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
Cobalt Strike
2022-07-07 | Emsisoft | Emsisoft
@online{emsisoft:20220707:astralocker:4fc94a1,
  author       = {Emsisoft},
  title        = {{AstraLocker decryptor}},
  date         = {2022-07-07},
  organization = {Emsisoft},
  url          = {https://www.emsisoft.com/ransomware-decryption-tools/astralocker},
  language     = {English},
  urldate      = {2022-07-12},
}
AstraLocker decryptor
AstraLocker
2022-07-04 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20220704:astralocker:02fcfe5,
  author       = {Sergiu Gatlan},
  title        = {{AstraLocker ransomware shuts down and releases decryptors}},
  date         = {2022-07-04},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/},
  language     = {English},
  urldate      = {2022-08-05},
}
AstraLocker ransomware shuts down and releases decryptors
AstraLocker
2022-06-09 | Bleeping Computer | Lawrence Abrams
@online{abrams:20220609:roblox:19b3f09,
  author       = {Lawrence Abrams},
  title        = {{Roblox Game Pass store used to sell ransomware decryptor}},
  date         = {2022-06-09},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/},
  language     = {English},
  urldate      = {2022-06-10},
}
Roblox Game Pass store used to sell ransomware decryptor
Chaos
2022-04-18 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20220418:free:d6f6e7a,
  author       = {Sergiu Gatlan},
  title        = {{Free decryptor released for Yanluowang ransomware victims}},
  date         = {2022-04-18},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-yanluowang-ransomware-victims/},
  language     = {English},
  urldate      = {2022-04-20},
}
Free decryptor released for Yanluowang ransomware victims
Yanluowang
2022-03-21 | Threat Post | Lisa Vaas
@online{vaas:20220321:conti:0b203c8,
  author       = {Lisa Vaas},
  title        = {{Conti Ransomware V. 3, Including Decryptor, Leaked}},
  date         = {2022-03-21},
  organization = {Threat Post},
  url          = {https://threatpost.com/conti-ransomware-v-3-including-decryptor-leaked/179006/},
  language     = {English},
  urldate      = {2022-03-22},
}
Conti Ransomware V. 3, Including Decryptor, Leaked
Cobalt Strike Conti TrickBot
2022-03-04 | Threat Post | Lisa Vaas
@online{vaas:20220304:free:60674b1,
  author       = {Lisa Vaas},
  title        = {{Free HermeticRansom Ransomware Decryptor Released}},
  date         = {2022-03-04},
  organization = {Threat Post},
  url          = {https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/},
  language     = {English},
  urldate      = {2022-03-07},
}
Free HermeticRansom Ransomware Decryptor Released
PartyTicket
2022-03-03 | Bleeping Computer | Bill Toulas
@online{toulas:20220303:free:f5952fa,
  author       = {Bill Toulas},
  title        = {{Free decryptor released for HermeticRansom victims in Ukraine}},
  date         = {2022-03-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-hermeticransom-victims-in-ukraine/},
  language     = {English},
  urldate      = {2022-03-04},
}
Free decryptor released for HermeticRansom victims in Ukraine
PartyTicket