Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-21Github (larsborn)Lars Wallenborn
@online{wallenborn:20221121:tofsee:8a0c345, author = {Lars Wallenborn}, title = {{Tofsee String Decryption Code}}, date = {2022-11-21}, organization = {Github (larsborn)}, url = {https://gist.github.com/larsborn/0ec24d7b294248c51de0c3335802cbd4}, language = {English}, urldate = {2022-11-25} } Tofsee String Decryption Code
Tofsee
2022-10-17Malversegreenplan
@online{greenplan:20221017:stack:5c74181, author = {greenplan}, title = {{Stack String Decryption with Ghidra Emulator (Orchard)}}, date = {2022-10-17}, organization = {Malverse}, url = {https://malverse.it/stack-string-decryptor-con-ghidra-emulator-orchard}, language = {Italian}, urldate = {2022-10-18} } Stack String Decryption with Ghidra Emulator (Orchard)
Orchard
2022-09-26K7 SecurityGaurav Yadav
@online{yadav:20220926:dcdcrypt:b3ac294, author = {Gaurav Yadav}, title = {{DcDcrypt Ransomware Decryptor}}, date = {2022-09-26}, organization = {K7 Security}, url = {https://labs.k7computing.com/index.php/dcdcrypt-ransomware-decryptor/}, language = {English}, urldate = {2022-09-30} } DcDcrypt Ransomware Decryptor
DcDcrypt
2022-07-13Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220713:cobalt:dd907c3, author = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption}}, date = {2022-07-13}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/}, language = {English}, urldate = {2022-07-15} } Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
Cobalt Strike
2022-07-07EmsisoftEmsisoft
@online{emsisoft:20220707:astralocker:4fc94a1, author = {Emsisoft}, title = {{AstraLocker decryptor}}, date = {2022-07-07}, organization = {Emsisoft}, url = {https://www.emsisoft.com/ransomware-decryption-tools/astralocker}, language = {English}, urldate = {2022-07-12} } AstraLocker decryptor
AstraLocker
2022-07-04Bleeping ComputerSergiu Gatlan
@online{gatlan:20220704:astralocker:02fcfe5, author = {Sergiu Gatlan}, title = {{AstraLocker ransomware shuts down and releases decryptors}}, date = {2022-07-04}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/}, language = {English}, urldate = {2022-08-05} } AstraLocker ransomware shuts down and releases decryptors
AstraLocker
2022-06-09Bleeping ComputerLawrence Abrams
@online{abrams:20220609:roblox:19b3f09, author = {Lawrence Abrams}, title = {{Roblox Game Pass store used to sell ransomware decryptor}}, date = {2022-06-09}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/}, language = {English}, urldate = {2022-06-10} } Roblox Game Pass store used to sell ransomware decryptor
Chaos
2022-04-18Bleeping ComputerSergiu Gatlan
@online{gatlan:20220418:free:d6f6e7a, author = {Sergiu Gatlan}, title = {{Free decryptor released for Yanluowang ransomware victims}}, date = {2022-04-18}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-yanluowang-ransomware-victims/}, language = {English}, urldate = {2022-04-20} } Free decryptor released for Yanluowang ransomware victims
Yanluowang
2022-03-21Threat PostLisa Vaas
@online{vaas:20220321:conti:0b203c8, author = {Lisa Vaas}, title = {{Conti Ransomware V. 3, Including Decryptor, Leaked}}, date = {2022-03-21}, organization = {Threat Post}, url = {https://threatpost.com/conti-ransomware-v-3-including-decryptor-leaked/179006/}, language = {English}, urldate = {2022-03-22} } Conti Ransomware V. 3, Including Decryptor, Leaked
Cobalt Strike Conti TrickBot
2022-03-04Threat PostLisa Vaas
@online{vaas:20220304:free:60674b1, author = {Lisa Vaas}, title = {{Free HermeticRansom Ransomware Decryptor Released}}, date = {2022-03-04}, organization = {Threat Post}, url = {https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/}, language = {English}, urldate = {2022-03-07} } Free HermeticRansom Ransomware Decryptor Released
PartyTicket
2022-03-03Avast DecodedThreat Research Team
@online{team:20220303:help:d086921, author = {Threat Research Team}, title = {{Help for Ukraine: Free decryptor for HermeticRansom ransomware}}, date = {2022-03-03}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/}, language = {English}, urldate = {2022-03-03} } Help for Ukraine: Free decryptor for HermeticRansom ransomware
PartyTicket
2022-03-03Bleeping ComputerBill Toulas
@online{toulas:20220303:free:f5952fa, author = {Bill Toulas}, title = {{Free decryptor released for HermeticRansom victims in Ukraine}}, date = {2022-03-03}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-hermeticransom-victims-in-ukraine/}, language = {English}, urldate = {2022-03-04} } Free decryptor released for HermeticRansom victims in Ukraine
PartyTicket
2022-03-02ThreatpostLisa Vaas
@online{vaas:20220302:conti:ffc8271, author = {Lisa Vaas}, title = {{Conti Ransomware Decryptor, TrickBot Source Code Leaked}}, date = {2022-03-02}, organization = {Threatpost}, url = {https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/}, language = {English}, urldate = {2022-03-07} } Conti Ransomware Decryptor, TrickBot Source Code Leaked
Conti TrickBot
2022-03-01CrowdStrikeCrowdStrike Intelligence Team
@online{team:20220301:decryptable:27c195e, author = {CrowdStrike Intelligence Team}, title = {{Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities}}, date = {2022-03-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/}, language = {English}, urldate = {2022-03-07} } Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
PartyTicket
2022-03-01Github (usualsuspect)Johann Aydinbas
@online{aydinbas:20220301:python:1e7cf7b, author = {Johann Aydinbas}, title = {{Python script to decrypt embedded driver used in Daxin}}, date = {2022-03-01}, organization = {Github (usualsuspect)}, url = {https://gist.github.com/usualsuspect/839fbc54e0d76bb2626329cd94274cd6}, language = {English}, urldate = {2022-03-07} } Python script to decrypt embedded driver used in Daxin
Daxin
2022-02-24LIFARSVlad Pasca
@online{pasca:20220224:how:77b74bc, author = {Vlad Pasca}, title = {{How to Decrypt the Files Encrypted by the Hive Ransomware}}, date = {2022-02-24}, organization = {LIFARS}, url = {https://lifars.com/2022/02/how-to-decrypt-the-files-encrypted-by-the-hive-ransomware/}, language = {English}, urldate = {2022-03-01} } How to Decrypt the Files Encrypted by the Hive Ransomware
Hive Hive
2022-02-24kienmanowar Blogm4n0w4r, Tran Trung Kien
@online{m4n0w4r:20220224:quicknote:bea9238, author = {m4n0w4r and Tran Trung Kien}, title = {{[QuickNote] Techniques for decrypting BazarLoader strings}}, date = {2022-02-24}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2022/02/24/quicknote-techniques-for-decrypting-bazarloader-strings/}, language = {English}, urldate = {2022-03-01} } [QuickNote] Techniques for decrypting BazarLoader strings
BazarBackdoor
2022-02-18Kookmin UniversityGiyoon Kim, Soram Kim, Soojin Kang, Jongsung Kim
@techreport{kim:20220218:method:4b41876, author = {Giyoon Kim and Soram Kim and Soojin Kang and Jongsung Kim}, title = {{A Method for Decrypting Data Infected with Hive Ransomware}}, date = {2022-02-18}, institution = {Kookmin University}, url = {https://arxiv.org/pdf/2202.08477.pdf}, language = {English}, urldate = {2022-02-19} } A Method for Decrypting Data Infected with Hive Ransomware
Hive Hive
2022-02-09Bleeping ComputerLawrence Abrams
@online{abrams:20220209:ransomware:e36973b, author = {Lawrence Abrams}, title = {{Ransomware dev releases Egregor, Maze master decryption keys}}, date = {2022-02-09}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/}, language = {English}, urldate = {2022-02-10} } Ransomware dev releases Egregor, Maze master decryption keys
Egregor Maze Sekhmet
2022-02-09Security AffairsPierluigi Paganini
@online{paganini:20220209:master:b0b64b8, author = {Pierluigi Paganini}, title = {{Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online}}, date = {2022-02-09}, organization = {Security Affairs}, url = {https://securityaffairs.co/wordpress/127826/malware/egregor-sekhmet-decryption-keys.html}, language = {English}, urldate = {2022-02-10} } Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online
Egregor m0yv Maze Sekhmet