2022-06-02Twitter (@sysopfb)Jason Reaves
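% Title braces protect only the case-sensitive names (UpdateAgent, GolangVersion); a style may recase the rest.
@online{reaves:20220602:tweets:b70da25,
  author       = {Reaves, Jason},
  title        = {Tweets on {UpdateAgent} - {GolangVersion}},
  date         = {2022-06-02},
  organization = {Twitter (@sysopfb)},
  url          = {https://twitter.com/sysopfb/status/1532442456343691273},
  language     = {English},
  urldate      = {2022-06-04},
}
Tweets on UpdateAgent - GolangVersion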
UpdateAgent
2022-05-25Medium walmartglobaltechJason Reaves, Joshua Platt
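% Title braces protect only the case-sensitive name (SocGholish); a style may recase the rest.
@online{reaves:20220525:socgholish:f876e0e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{SocGholish} Campaigns and Initial Access Kit},
  date         = {2022-05-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee},
  language     = {English},
  urldate      = {2022-06-02},
}
SocGholish Campaigns and Initial Access Kit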
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-04-15Medium walmartglobaltechJason Reaves
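% Title braces protect only the case-sensitive names (BatLoader, C2); a style may recase the rest.
@online{reaves:20220415:revisiting:94c149c,
  author       = {Reaves, Jason},
  title        = {Revisiting {BatLoader} {C2} structure},
  date         = {2022-04-15},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/revisiting-batloader-c2-structure-52f46ff9893a},
  language     = {English},
  urldate      = {2022-04-29},
}
Revisiting BatLoader C2 structure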
2022-03-28Medium walmartglobaltechJason Reaves
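% Title braces protect only the case-sensitive names (CobaltStrike, UUID); a style may recase the rest.
@online{reaves:20220328:cobaltstrike:65362d3,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike} {UUID} stager},
  date         = {2022-03-28},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-uuid-stager-ca7e82f7bb64},
  language     = {English},
  urldate      = {2022-04-05},
}
CobaltStrike UUID stager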
Cobalt Strike
2022-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
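% Title braces protect only the case-sensitive name (Diavol); a style may recase the rest.
@online{reaves:20220310:diavol:2a6514a,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Diavol} the Enigma of Ransomware},
  date         = {2022-03-10},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648},
  language     = {English},
  urldate      = {2022-03-14},
}
Diavol the Enigma of Ransomware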
Diavol
2022-02-14Medium walmartglobaltechJason Reaves, Joshua Platt
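% Title braces protect only the case-sensitive names (PrivateLoader, Anubis Loader); a style may recase the rest.
@online{reaves:20220214:privateloader:e7e062e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{PrivateLoader} to {Anubis Loader}},
  date         = {2022-02-14},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e},
  language     = {English},
  urldate      = {2022-03-02},
}
PrivateLoader to Anubis Loader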
Anubis Loader
2022-02-01Medium walmartglobaltechJoshua Platt, Jonathan Mccay, Jason Reaves
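% Title braces protect only the case-sensitive names (Sugar, RaaS); a style may recase the rest.
@online{platt:20220201:sugar:ba25cd3,
  author       = {Platt, Joshua and Mccay, Jonathan and Reaves, Jason},
  title        = {{Sugar} Ransomware, a new {RaaS}},
  date         = {2022-02-01},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb},
  language     = {English},
  urldate      = {2022-02-02},
}
Sugar Ransomware, a new RaaS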
Sugar
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
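% Title braces protect only the acronym (DLL); a style may recase the rest.
@online{reaves:20220111:signed:0f32583,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {Signed {DLL} campaigns as a service},
  date         = {2022-01-11},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/signed-dll-campaigns-as-a-service-7760ac676489},
  language     = {English},
  urldate      = {2022-01-25},
}
Signed DLL campaigns as a service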
Cobalt Strike ISFB Zloader
2021-10-14Medium walmartglobaltechJason Reaves
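% Title braces protect only the upper-case name as the source spells it (NIM); a style may recase the rest.
@online{reaves:20211014:investigation:29ef29c,
  author       = {Reaves, Jason},
  title        = {Investigation into the state of {NIM} malware Part 2},
  date         = {2021-10-14},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-part-2-a28bffffa671},
  language     = {English},
  urldate      = {2021-12-15},
}
Investigation into the state of NIM malware Part 2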
Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware)
2021-09-07Medium walmartglobaltechJason Reaves
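% Title braces protect only the case-sensitive names (SmartAssembly, Haron); a style may recase the rest.
@online{reaves:20210907:decoding:bb6bf8e,
  author       = {Reaves, Jason},
  title        = {Decoding {SmartAssembly} strings, a {Haron} ransomware case study},
  date         = {2021-09-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/decoding-smartassembly-strings-a-haron-ransomware-case-study-9d0c5af7080b},
  language     = {English},
  urldate      = {2021-09-09},
}
Decoding SmartAssembly strings, a Haron ransomware case study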
Haron Ransomware
2021-08-19Medium walmartglobaltechJason Reaves
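% Title braces protect only the capitalised names as the source spells them (Krypton, Data Exfiltrator); a style may recase the rest.
@online{reaves:20210819:looking:361ca2d,
  author       = {Reaves, Jason},
  title        = {Looking at the new {Krypton} crypter and recent {Data Exfiltrator} Samples},
  date         = {2021-08-19},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/looking-at-the-new-krypton-crypter-and-recent-data-exfiltrator-samples-4c484875cf70},
  language     = {English},
  urldate      = {2021-09-06},
}
Looking at the new Krypton crypter and recent Data Exfiltrator Samples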
2021-08-03Twitter (@sysopfb)Jason Reaves
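% Title braces protect only the case-sensitive name (Blackmatter); a style may recase the rest.
@online{reaves:20210803:python:3eef2f9,
  author       = {Reaves, Jason},
  title        = {Tweet on python script to decode the blob from {Blackmatter} ransomware},
  date         = {2021-08-03},
  organization = {Twitter (@sysopfb)},
  url          = {https://twitter.com/sysopfb/status/1422280887274639375},
  language     = {English},
  urldate      = {2021-08-06},
}
Tweet on python script to decode the blob from Blackmatter ransomware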
DarkSide
2021-07-30Medium walmartglobaltechJason Reaves
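% Title braces protect only the capitalised names as the source spells them (BazarLoader, Unicorn); a style may recase the rest.
@online{reaves:20210730:decrypting:0b08389,
  author       = {Reaves, Jason},
  title        = {Decrypting {BazarLoader} strings with a {Unicorn}},
  date         = {2021-07-30},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/decrypting-bazarloader-strings-with-a-unicorn-15d2585272a9},
  language     = {English},
  urldate      = {2021-08-02},
}
Decrypting BazarLoader strings with a Unicorn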
BazarBackdoor
2021-07-08Medium walmartglobaltechJason Reaves, Harold Ogden
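% Title braces protect only the case-sensitive names (Amadey, Mikrotik, Outlook); a style may recase the rest.
@online{reaves:20210708:amadey:0deeb3d,
  author       = {Reaves, Jason and Ogden, Harold},
  title        = {{Amadey} stealer plugin adds {Mikrotik} and {Outlook} harvesting},
  date         = {2021-07-08},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/amadey-stealer-plugin-adds-mikrotik-and-outlook-harvesting-518efe724ce4},
  language     = {English},
  urldate      = {2021-07-11},
}
Amadey stealer plugin adds Mikrotik and Outlook harvesting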
Amadey
2021-07-06Medium walmartglobaltechJason Reaves, Joshua Platt
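% Title braces protect only the case-sensitive names (TA505, GoLang, ServHelper); a style may recase the rest.
@online{reaves:20210706:ta505:35e0dbc,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{TA505} adds {GoLang} crypter for delivering miners and {ServHelper}},
  date         = {2021-07-06},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/ta505-adds-golang-crypter-for-delivering-miners-and-servhelper-af70b26a6e56},
  language     = {English},
  urldate      = {2021-07-11},
}
TA505 adds GoLang crypter for delivering miners and ServHelper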
ServHelper
2021-06-07Medium walmartglobaltechJoshua Platt, Jason Reaves
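% Title braces protect only the case-sensitive terms (SystemBC, Malware-As-A-Service); a style may recase the rest.
@online{platt:20210607:inside:6c363a7,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {Inside the {SystemBC} {Malware-As-A-Service}},
  date         = {2021-06-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6},
  language     = {English},
  urldate      = {2021-06-08},
}
Inside the SystemBC Malware-As-A-Service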
Ryuk SystemBC TrickBot
2021-05-03Medium walmartglobaltechJoshua Platt, Jason Reaves
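% Title braces protect only the case-sensitive name (BuerLoader); a style may recase the rest.
@online{platt:20210503:buerloader:2aa3e3f,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{BuerLoader} Updates},
  date         = {2021-05-03},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/buerloader-updates-3e34c1949b96},
  language     = {English},
  urldate      = {2021-05-04},
}
BuerLoader Updates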
Buer
2021-04-20Medium walmartglobaltechJason Reaves
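% Title braces protect only the case-sensitive name (CobaltStrike); a style may recase the rest.
@online{reaves:20210420:cobaltstrike:d18d4c4,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike} Stager Utilizing Floating Point Math},
  date         = {2021-04-20},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-stager-utilizing-floating-point-math-9bc13f9b9718},
  language     = {English},
  urldate      = {2021-04-20},
}
CobaltStrike Stager Utilizing Floating Point Math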
Cobalt Strike
2021-04-09Medium walmartglobaltechJason Reaves
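% Title braces protect only the case-sensitive names (TerraLoader, DLL); a style may recase the rest.
@online{reaves:20210409:relook:ab87230,
  author       = {Reaves, Jason},
  title        = {A Relook at the {TerraLoader} Dropper {DLL}},
  date         = {2021-04-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/a-re-look-at-the-terraloader-dropper-dll-e5947ad6e244},
  language     = {English},
  urldate      = {2021-04-12},
}
A Relook at the TerraLoader Dropper DLL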
TerraLoader
2021-04-07Medium walmartglobaltechJason Reaves
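% Title braces protect only the upper-case name (PBOT); a style may recase the rest.
@online{reaves:20210407:not:c28aeef,
  author       = {Reaves, Jason},
  title        = {Not your same old adware anymore, {PBOT} updates},
  date         = {2021-04-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/not-your-same-old-adware-anymore-pbot-updates-6d43b159ab35},
  language     = {English},
  urldate      = {2021-04-09},
}
Not your same old adware anymore, PBOT updates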