
2023-07-19 — Jiří Vinopal
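@online{vinopal:20230719:byos:c1c7bff,
  author   = {Jiří Vinopal},
  title    = {{BYOS} – Bundle Your Own Stealer},
  date     = {2023-07-19},
  url      = {https://research.checkpoint.com/2023/byos-bundle-your-own-stealer/},
  language = {English},
  urldate  = {2023-07-20},
}
BYOS – Bundle Your Own Stealer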
BundleBot
2023-04-04 — Check Point Research — Jiří Vinopal
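@online{vinopal:20230404:rorschach:ab54ad3,
  author       = {Jiří Vinopal},
  title        = {{Rorschach} – A New Sophisticated and Fast Ransomware},
  date         = {2023-04-04},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/},
  language     = {English},
  urldate      = {2023-04-06},
}
Rorschach – A New Sophisticated and Fast Ransomware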
Rorschach Ransomware
2023-03-15 — Check Point Research — Jiří Vinopal
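@online{vinopal:20230315:dotrunpex:6491e1e,
  author       = {Jiří Vinopal},
  title        = {{DotRunPEX} - Demystifying New Virtualized {.NET} Injector used in the Wild},
  date         = {2023-03-15},
  organization = {Check Point Research},
  url          = {https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/},
  language     = {English},
  urldate      = {2023-03-20},
}
DotRunPEX - Demystifying New Virtualized .NET Injector used in the Wild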
2022-12-12 — Checkpoint — Jiří Vinopal
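@online{vinopal:20221212:pulling:7b5315a,
  author       = {Jiří Vinopal},
  title        = {Pulling the Curtains on {Azov} Ransomware: Not a Skidsware but Polymorphic Wiper},
  date         = {2022-12-12},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper/},
  language     = {English},
  urldate      = {2022-12-13},
}
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper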
Azov Wiper
2022-09-21 — Check Point — Jiří Vinopal
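@online{vinopal:20220921:native:e68056c,
  author       = {Jiří Vinopal},
  title        = {Native function and Assembly Code Invocation},
  date         = {2022-09-21},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/},
  language     = {English},
  urldate      = {2022-09-26},
}
Native function and Assembly Code Invocation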
MiniDuke
2022-05-16 — Github (Dump-GUY) — Jiří Vinopal
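@online{vinopal:20220516:malware:f716c6a,
  author       = {Jiří Vinopal},
  title        = {Malware Analysis Report – {APT29} {C2-Client} {Dropbox} Loader},
  date         = {2022-05-16},
  organization = {Github (Dump-GUY)},
  url          = {https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/APT29_C2-Client_Dropbox_Loader/APT29-DropboxLoader_analysis.md},
  language     = {English},
  urldate      = {2022-05-25},
}
Malware Analysis Report – APT29 C2-Client Dropbox Loader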
Unidentified 099 (APT29 Dropbox Loader)
2022-04-28 — Twitter (@vinopaljiri) — Jiří Vinopal
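@online{vinopal:20220428:onyx:b2312e0,
  author       = {Jiří Vinopal},
  title        = {\#{ONYX} Ransomware is based on \#{Chaos} Ransomware {Builderv4}},
  date         = {2022-04-28},
  organization = {Twitter (@vinopaljiri)},
  url          = {https://twitter.com/vinopaljiri/status/1519645742440329216},
  language     = {English},
  urldate      = {2022-05-03},
}
#ONYX Ransomware is based on #Chaos Ransomware Builderv4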
Chaos
2022-01-17 — Github (Dump-GUY) — Jiří Vinopal
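@online{vinopal:20220117:debugging:d4899ec,
  author       = {Jiří Vinopal},
  title        = {Debugging {MBR} - {IDA} + {Bochs} Emulator ({CTF} example)},
  date         = {2022-01-17},
  organization = {Github (Dump-GUY)},
  url          = {https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/Debugging%20MBR%20-%20IDA%20+%20Bochs%20Emulator/Debugging%20MBR%20-%20IDA%20+%20Bochs%20Emulator.md},
  language     = {English},
  urldate      = {2022-01-24},
}
Debugging MBR - IDA + Bochs Emulator (CTF example)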
WhisperGate
2022-01-12 — Github (Dump-GUY) — Jiří Vinopal
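@online{vinopal:20220112:nightsky:a44e6b6,
  author       = {Jiří Vinopal},
  title        = {{NightSky} Ransomware – just a {Rook} {RW} fork in {VMProtect} suit},
  date         = {2022-01-12},
  organization = {Github (Dump-GUY)},
  url          = {https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md},
  language     = {English},
  urldate      = {2022-01-12},
}
NightSky Ransomware – just a Rook RW fork in VMProtect suit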
Rook
2021-12-08 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
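@online{vinopal:20211208:full:4bf6148,
  author       = {Jiří Vinopal},
  title        = {Full malware analysis Work-Flow of {AgentTesla} Malware},
  date         = {2021-12-08},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/QQuRp7Qiuzg},
  language     = {English},
  urldate      = {2021-12-08},
}
Full malware analysis Work-Flow of AgentTesla Malware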
Agent Tesla
2021-11-22 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
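@online{vinopal:20211122:powershell:37baf25,
  author       = {Jiří Vinopal},
  title        = {{Powershell} and {DnSpy} tricks in {.NET} reversing – {AgentTesla} [{Part1}]},
  date         = {2021-11-22},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/hxaeWyK8gMI},
  language     = {English},
  urldate      = {2021-11-26},
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]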
Agent Tesla
2021-11-22 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
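@online{vinopal:20211122:powershell:b15c355,
  author       = {Jiří Vinopal},
  title        = {{Powershell} and {DnSpy} tricks in {.NET} reversing – {AgentTesla} [{Part2}]},
  date         = {2021-11-22},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/BM38OshcozE},
  language     = {English},
  urldate      = {2021-11-26},
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]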
Agent Tesla
2021-10-30 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
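@online{vinopal:20211030:reversing:ce96b92,
  author       = {Jiří Vinopal},
  title        = {Reversing {CryptoCrazy} Ransomware - {PoC} Decryptor and some Tricks},
  date         = {2021-10-30},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/oYLs6wuoOfg},
  language     = {English},
  urldate      = {2021-11-26},
}
Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks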
Povlsomware
2021-08-23 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
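@online{vinopal:20210823:2:0b5dba8,
  author       = {Jiří Vinopal},
  title        = {[2] {Lokibot} analyzing - spoofing {GULoader} and {LokiBot} {C2} [part2] - {INetSim} + {BurpSuite}},
  date         = {2021-08-23},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://www.youtube.com/watch?v=N0wAh26wShE},
  language     = {English},
  urldate      = {2021-08-25},
}
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite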
CloudEyE Loki Password Stealer (PWS)
2021-07-15 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
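@online{vinopal:20210715:fast:b8dead4,
  author       = {Jiří Vinopal},
  title        = {Fast {API} resolving of {REvil} Ransomware related to {Kaseya} attack},
  date         = {2021-07-15},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://www.youtube.com/watch?v=QYQQUUpU04s},
  language     = {English},
  urldate      = {2021-07-20},
}
Fast API resolving of REvil Ransomware related to Kaseya attack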
REvil
2021-07-07 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
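@online{vinopal:20210707:2:85ce7e9,
  author       = {Jiří Vinopal},
  title        = {[2] {Lokibot} analyzing - spoofing {GULoader} and {LokiBot} {C2} [part1] - Own implementation in {Python}},
  date         = {2021-07-07},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://www.youtube.com/watch?v=-FxyzuRv6Wg},
  language     = {English},
  urldate      = {2021-07-20},
}
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python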
CloudEyE Loki Password Stealer (PWS)
2021-07-06 — YouTube ( DuMp-GuY TrIcKsTeR) — Jiří Vinopal
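@online{vinopal:20210706:1:be25f45,
  author       = {Jiří Vinopal},
  title        = {[1] {Lokibot} analyzing - defeating {GuLoader} with {Windbg} (Kernel debugging) and Live {C2}},
  date         = {2021-07-06},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://www.youtube.com/watch?v=K3Yxu_9OUxU},
  language     = {English},
  urldate      = {2021-07-20},
}
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2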
CloudEyE Loki Password Stealer (PWS)
2021-03-11 — YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) — Jiří Vinopal
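@online{vinopal:20210311:formbook:31931b9,
  author       = {Jiří Vinopal},
  title        = {{Formbook} Reversing - {Part1} [{Formbook} {.NET} loader/injector analyzing, decrypting, unpacking, patching]},
  date         = {2021-03-11},
  organization = {YouTube ( Malware\_Analyzing\_\&\_RE\_Tips\_Tricks)},
  url          = {https://youtu.be/aQwnHIlGSBM},
  language     = {English},
  urldate      = {2021-03-12},
}
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]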
Formbook
2021-03-01 — YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) — Jiří Vinopal
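@online{vinopal:20210301:ryuk:333699d,
  author       = {Jiří Vinopal},
  title        = {{Ryuk} Ransomware - Advanced using of {Scylla} for Imports reconstruction},
  date         = {2021-03-01},
  organization = {YouTube ( Malware\_Analyzing\_\&\_RE\_Tips\_Tricks)},
  url          = {https://www.youtube.com/watch?v=Of_KjNG9DHc},
  language     = {English},
  urldate      = {2021-03-02},
}
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction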
Ryuk
2021-02-22 — YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) — Jiří Vinopal
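@online{vinopal:20210222:ryuk:e9c5fb4,
  author       = {Jiří Vinopal},
  title        = {{Ryuk} Ransomware {API} Resolving in 10 minutes},
  date         = {2021-02-22},
  organization = {YouTube ( Malware\_Analyzing\_\&\_RE\_Tips\_Tricks)},
  url          = {https://www.youtube.com/watch?v=7xxRunBP5XA},
  language     = {English},
  urldate      = {2021-02-25},
}
Ryuk Ransomware API Resolving in 10 minutes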
Ryuk