2023-08-30 | Medium walmartglobaltech | Jason Reaves
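% keywords: malware-family tags this library lists for the reference.
@online{reaves:20230830:gazavat:1f8a081,
  author       = {Reaves, Jason},
  title        = {{Gazavat} / {Expiro} {DMSniff} connection and {DGA} analysis},
  date         = {2023-08-30},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/gazavat-expiro-dmsniff-connection-and-dga-analysis-8b965cc0221d},
  language     = {English},
  urldate      = {2023-08-31},
  keywords     = {DMSniff, Expiro},
}
Gazavat / Expiro DMSniff connection and DGA analysis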
DMSniff Expiro
2023-07-18 | Medium walmartglobaltech | Jason Reaves, Jonathan Mccay, Joshua Platt
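% keywords: malware-family tags this library lists for the reference.
@online{reaves:20230718:nemesisproject:daa35d0,
  author       = {Reaves, Jason and Mccay, Jonathan and Platt, Joshua},
  title        = {{NemesisProject}},
  date         = {2023-07-18},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/nemesisproject-816ed5c1e8d5},
  language     = {English},
  urldate      = {2023-07-19},
  keywords     = {Nemesis},
}
NemesisProject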
Nemesis
2023-05-09 | Medium walmartglobaltech | Jason Reaves, Joshua Platt, Jonathan Mccay
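% keywords: malware-family tags this library lists for the reference.
@online{reaves:20230509:metastealer:11ef397,
  author       = {Reaves, Jason and Platt, Joshua and Mccay, Jonathan},
  title        = {{MetaStealer} string decryption and {DGA} overview},
  date         = {2023-05-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/metastealer-string-decryption-and-dga-overview-5f38f76830cd},
  language     = {English},
  urldate      = {2023-05-11},
  keywords     = {MetaStealer},
}
MetaStealer string decryption and DGA overview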
MetaStealer
2023-03-10 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
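% keywords: malware-family tags this library lists for the reference.
@online{reaves:20230310:from:6bceb30,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {From {Royal} With Love},
  date         = {2023-03-10},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/from-royal-with-love-88fa05ff7f65},
  language     = {English},
  urldate      = {2023-03-13},
  keywords     = {Cobalt Strike, Conti, PLAY, Royal Ransom, Somnia},
}
From Royal With Love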
Cobalt Strike Conti PLAY Royal Ransom Somnia
2023-02-24 | Medium walmartglobaltech | Jason Reaves, Joshua Platt, Jonathan Mccay, Kirk Sayre
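% keywords: malware-family tags this library lists for the reference.
@online{reaves:20230224:qbot:771bf3d,
  author       = {Reaves, Jason and Platt, Joshua and Mccay, Jonathan and Sayre, Kirk},
  title        = {{Qbot} testing malvertising campaigns?},
  date         = {2023-02-24},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/qbot-testing-malvertising-campaigns-3e2552cbc69a},
  language     = {English},
  urldate      = {2023-02-27},
  keywords     = {QakBot},
}
Qbot testing malvertising campaigns?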
QakBot
2022-10-25 | Medium walmartglobaltech | Jason Reaves
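% keywords: malware-family tags this library lists for the reference.
@online{reaves:20221025:brute:3e3f821,
  author       = {Reaves, Jason},
  title        = {{Brute Ratel} Config Decoding update},
  date         = {2022-10-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/brute-ratel-config-decoding-update-7820455022cb},
  language     = {English},
  urldate      = {2023-01-31},
  keywords     = {Brute Ratel C4},
}
Brute Ratel Config Decoding update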
Brute Ratel C4
2022-09-30 | Medium walmartglobaltech | Jason Reaves, Jonathan Mccay
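% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220930:diavol:d72ab2a,
  author       = {Reaves, Jason and Mccay, Jonathan},
  title        = {{Diavol} resurfaces},
  date         = {2022-09-30},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922},
  language     = {English},
  urldate      = {2022-10-05},
  keywords     = {Diavol},
}
Diavol resurfaces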
Diavol
2022-08-11 | Medium walmartglobaltech | Jason Reaves
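@online{reaves:20220811:state:ef0fd3c,
  author       = {Reaves, Jason},
  title        = {State of the Remote Access Tools, Part 1},
  date         = {2022-08-11},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f},
  language     = {English},
  urldate      = {2022-09-12},
}
State of the Remote Access Tools, Part 1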
2022-08-09 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
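% The title keeps the spelling "Kimusky" found in the source title and URL;
% this library tags the reference as Kimsuky, which the keywords field mirrors
% so that a search on either spelling finds the entry.
@online{reaves:20220809:pivoting:7afbaea,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {Pivoting on a {SharpExt} to profile {Kimusky} panels for great good},
  date         = {2022-08-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/pivoting-on-a-sharpext-to-profile-kimusky-panels-for-great-good-1920dc1bcef9},
  language     = {English},
  urldate      = {2023-02-06},
  keywords     = {Kimsuky},
}
Pivoting on a SharpExt to profile Kimusky panels for great good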
Kimsuky
2022-08-04 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
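% keywords: malware-family tags this library lists for the reference.
@online{platt:20220804:icedid:546c931,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{IcedID} leverages {PrivateLoader}},
  date         = {2022-08-04},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/icedid-leverages-privateloader-7744771bf87f},
  language     = {English},
  urldate      = {2022-08-11},
  keywords     = {IcedID, PrivateLoader},
}
IcedID leverages PrivateLoader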
IcedID PrivateLoader
2022-06-02 | Twitter (@sysopfb) | Jason Reaves
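% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220602:tweets:b70da25,
  author       = {Reaves, Jason},
  title        = {Tweets on {UpdateAgent} - {GolangVersion}},
  date         = {2022-06-02},
  organization = {Twitter (@sysopfb)},
  url          = {https://twitter.com/sysopfb/status/1532442456343691273},
  language     = {English},
  urldate      = {2022-06-04},
  keywords     = {UpdateAgent},
}
Tweets on UpdateAgent - GolangVersion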
UpdateAgent
2022-05-25 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
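% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220525:socgholish:f876e0e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{SocGholish} Campaigns and Initial Access Kit},
  date         = {2022-05-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee},
  language     = {English},
  urldate      = {2022-06-02},
  keywords     = {FAKEUPDATES, Blister, Cobalt Strike, NetSupportManager RAT},
}
SocGholish Campaigns and Initial Access Kit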
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-04-15 | Medium walmartglobaltech | Jason Reaves
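% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220415:revisiting:94c149c,
  author       = {Reaves, Jason},
  title        = {Revisiting {BatLoader} {C2} structure},
  date         = {2022-04-15},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/revisiting-batloader-c2-structure-52f46ff9893a},
  language     = {English},
  urldate      = {2023-01-31},
  keywords     = {BATLOADER},
}
Revisiting BatLoader C2 structure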
BATLOADER
2022-03-28 | Medium walmartglobaltech | Jason Reaves
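% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220328:cobaltstrike:65362d3,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike} {UUID} stager},
  date         = {2022-03-28},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-uuid-stager-ca7e82f7bb64},
  language     = {English},
  urldate      = {2022-04-05},
  keywords     = {Cobalt Strike},
}
CobaltStrike UUID stager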
Cobalt Strike
2022-03-10 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
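% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220310:diavol:2a6514a,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Diavol} the Enigma of Ransomware},
  date         = {2022-03-10},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648},
  language     = {English},
  urldate      = {2022-03-14},
  keywords     = {Diavol},
}
Diavol the Enigma of Ransomware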
Diavol
2022-03-04 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
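% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220304:systembc:e808a92,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{SystemBC}, {PowerShell} version},
  date         = {2022-03-04},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/systembc-powershell-version-68c9aad0f85c},
  language     = {English},
  urldate      = {2023-07-31},
  keywords     = {SystemBC},
}
SystemBC, PowerShell version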
SystemBC
2022-02-14 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
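% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220214:privateloader:e7e062e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{PrivateLoader} to {Anubis Loader}},
  date         = {2022-02-14},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e},
  language     = {English},
  urldate      = {2022-08-05},
  keywords     = {Anubis Loader, PrivateLoader},
}
PrivateLoader to Anubis Loader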
Anubis Loader PrivateLoader
2022-02-01 | Medium walmartglobaltech | Joshua Platt, Jonathan Mccay, Jason Reaves
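% keywords: malware-family tags this library lists for the reference.
@online{platt:20220201:sugar:ba25cd3,
  author       = {Platt, Joshua and Mccay, Jonathan and Reaves, Jason},
  title        = {{Sugar} Ransomware, a new {RaaS}},
  date         = {2022-02-01},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb},
  language     = {English},
  urldate      = {2022-02-02},
  keywords     = {Sugar},
}
Sugar Ransomware, a new RaaS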
Sugar
2022-01-11 | Medium walmartglobaltech | Jason Reaves, Joshua Platt
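% keywords: malware-family tags this library lists for the reference.
@online{reaves:20220111:signed:0f32583,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {Signed {DLL} campaigns as a service},
  date         = {2022-01-11},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/signed-dll-campaigns-as-a-service-7760ac676489},
  language     = {English},
  urldate      = {2023-01-31},
  keywords     = {BATLOADER, Cobalt Strike, ISFB, Zloader},
}
Signed DLL campaigns as a service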
BATLOADER Cobalt Strike ISFB Zloader
2021-10-14 | Medium walmartglobaltech | Jason Reaves
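% keywords: malware-family tags this library lists for the reference.
@online{reaves:20211014:investigation:29ef29c,
  author       = {Reaves, Jason},
  title        = {Investigation into the state of {NIM} malware Part 2},
  date         = {2021-10-14},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-part-2-a28bffffa671},
  language     = {English},
  urldate      = {2021-12-15},
  keywords     = {Cobalt Strike, NimGrabber, Nimrev, Unidentified 088 (Nim Ransomware)},
}
Investigation into the state of NIM malware Part 2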
Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware)