2021-11-14 | Twitter (@f0wlsec) | Marius Genheimer
@online{genheimer:20211114:static:944e6c7,
  author       = {Marius Genheimer},
  title        = {{A static config extractor for the main component of DanaBot}},
  date         = {2021-11-14},
  organization = {Twitter (@f0wlsec)},
  url          = {https://twitter.com/f0wlsec/status/1459892481760411649},
  language     = {English},
  urldate      = {2021-11-19},
}
A static config extractor for the main component of DanaBot
DanaBot
2021-07-05 | Github (f0wl) | Marius Genheimer
@online{genheimer:20210705:revil:7f67df1,
  author       = {Marius Genheimer},
  title        = {{REvil Linux Configuration Extractor}},
  date         = {2021-07-05},
  organization = {Github (f0wl)},
  url          = {https://github.com/f0wl/REconfig-linux},
  language     = {English},
  urldate      = {2021-07-05},
}
REvil Linux Configuration Extractor
REvil
2021-01-09 | Github (f0wl) | Marius Genheimer
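% The underscore in the title is escaped as \_ because a bare underscore in a
% typeset text field stops LaTeX with "Missing $ inserted". The url value is
% left unescaped; NOTE(review): this assumes a url-aware style (biblatex, as the
% online entry type and date/urldate fields suggest) - confirm for the target toolchain.
@online{genheimer:20210109:ezuriunpack:59f3343,
  author       = {Marius Genheimer},
  title        = {{ezuri\_unpack}},
  date         = {2021-01-09},
  organization = {Github (f0wl)},
  url          = {https://github.com/f0wl/ezuri_unpack},
  language     = {English},
  urldate      = {2021-01-11},
}
ezuri_unpack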
2020-12-23 | Dissecting Malware | Marius Genheimer
@online{genheimer:20201223:between:e482082,
  author       = {Marius Genheimer},
  title        = {{Between a rock and a hard place - Exploring Mount Locker Ransomware}},
  date         = {2020-12-23},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/between-a-rock-and-a-hard-place-exploring-mount-locker-ransomware.html},
  language     = {English},
  urldate      = {2021-01-21},
}
Between a rock and a hard place - Exploring Mount Locker Ransomware
Mount Locker
2020-06-17 | Github (f0wl) | Marius Genheimer
@online{genheimer:20200617:deicer:de78cca,
  author       = {Marius Genheimer},
  title        = {{deICEr: A Go tool for extracting config from IcedID second stage Loaders}},
  date         = {2020-06-17},
  organization = {Github (f0wl)},
  url          = {https://github.com/f0wl/deICEr},
  language     = {English},
  urldate      = {2020-06-18},
}
deICEr: A Go tool for extracting config from IcedID second stage Loaders
IcedID
2020-04-13 | Dissecting Malware | Marius Genheimer
@online{genheimer:20200413:blame:b258b2b,
  author       = {Marius Genheimer},
  title        = {{The Blame Game - About False Flags and overwritten MBRs}},
  date         = {2020-04-13},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/the-blame-game-about-false-flags-and-overwritten-mbrs.html},
  language     = {English},
  urldate      = {2020-04-15},
}
The Blame Game - About False Flags and overwritten MBRs
Glupteba MBR Locker
2020-03-20 | Dissecting Malware | Marius Genheimer
@online{genheimer:20200320:jamba:9d5bb76,
  author       = {Marius Genheimer},
  title        = {{Jamba Superdeal: Helo Sir, you want to buy mask? - Corona Safety Mask SMS Scam}},
  date         = {2020-03-20},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/jamba-superdeal-helo-sir-you-want-to-buy-mask-corona-safety-mask-sms-scam.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Jamba Superdeal: Helo Sir, you want to buy mask? - Corona Safety Mask SMS Scam
Coronavirus Android Worm
2020-03-18 | Dissecting Malware | Marius Genheimer
@online{genheimer:20200318:why:545326b,
  author       = {Marius Genheimer},
  title        = {{Why would you even bother?! - JavaLocker}},
  date         = {2020-03-18},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/why-would-you-even-bother-javalocker.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Why would you even bother?! - JavaLocker
JavaLocker
2020-01-23 | Dissecting Malware | Marius Genheimer
@online{genheimer:20200123:opposite:b471c6b,
  author       = {Marius Genheimer},
  title        = {{The Opposite of Fileless Malware - NodeJS Ransomware}},
  date         = {2020-01-23},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/the-opposite-of-fileless-malware-nodejs-ransomware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
The Opposite of Fileless Malware - NodeJS Ransomware
NodeJS Ransomware
2020-01-09 | Dissecting Malware | Marius Genheimer
@online{genheimer:20200109:not:187b390,
  author       = {Marius Genheimer},
  title        = {{Not so nice after all - Afrodita Ransomware}},
  date         = {2020-01-09},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/not-so-nice-after-all-afrodita-ransomware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Not so nice after all - Afrodita Ransomware
Afrodita
2020-01-02 | Dissecting Malware | Marius Genheimer
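% The straight double quotes in the title are written as LaTeX ``...'' pairs:
% a bare " typesets as the same glyph on both sides, and it is an active
% shorthand character under some babel languages (e.g. German).
@online{genheimer:20200102:nice:266b137,
  author       = {Marius Genheimer},
  title        = {{``Nice decorating. Let me guess, Satan?'' - Dot / MZP Ransomware}},
  date         = {2020-01-02},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/nice-decorating-let-me-guess-satan-dot-mzp-ransomware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
"Nice decorating. Let me guess, Satan?" - Dot / MZP Ransomware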
Dot Ransomware
2019-12-23 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191223:i:516e8d0,
  author       = {Marius Genheimer},
  title        = {{I literally can't think of a fitting pun - MrDec Ransomware}},
  date         = {2019-12-23},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/i-literally-cant-think-of-a-fitting-pun-mrdec-ransomware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
I literally can't think of a fitting pun - MrDec Ransomware
MrDec
2019-12-14 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191214:another:7c9c60a,
  author       = {Marius Genheimer},
  title        = {{Another one for the collection - Mespinoza (Pysa) Ransomware}},
  date         = {2019-12-14},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/another-one-for-the-collection-mespinoza-pysa-ransomware.html},
  language     = {English},
  urldate      = {2020-01-26},
}
Another one for the collection - Mespinoza (Pysa) Ransomware
Mespinoza
2019-12-11 | Dissecting Malware | Marius Genheimer
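% The straight double quotes in the title are written as LaTeX ``...'' pairs:
% a bare " typesets as the same glyph on both sides, and it is an active
% shorthand character under some babel languages (e.g. German).
@online{genheimer:20191211:projectexe:72f2c37,
  author       = {Marius Genheimer},
  title        = {{A ``Project.exe'' that should have stayed in a drawer - MZRevenge / MaMo434376}},
  date         = {2019-12-11},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/a-projectexe-that-should-have-stayed-in-a-drawer-mzrevenge-mamo434376.html},
  language     = {English},
  urldate      = {2020-03-27},
}
A "Project.exe" that should have stayed in a drawer - MZRevenge / MaMo434376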
MZRevenge
2019-12-02 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191202:god:79aa57d,
  author       = {Marius Genheimer},
  title        = {{God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor}},
  date         = {2019-12-02},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/god-save-the-queen-cause-ransom-is-money-savethequeen-encryptor.html},
  language     = {English},
  urldate      = {2020-03-27},
}
God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
2019-11-19 | Dissecting Malware | Marius Genheimer
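% The straight double quotes in the title are written as LaTeX ``...'' pairs:
% a bare " typesets as the same glyph on both sides, and it is an active
% shorthand character under some babel languages (e.g. German).
@online{genheimer:20191119:quick:b7c4538,
  author       = {Marius Genheimer},
  title        = {{Quick and painless - Reversing DeathRansom / ``Wacatac''}},
  date         = {2019-11-19},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/quick-and-painless-reversing-deathransom-wacatac.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Quick and painless - Reversing DeathRansom / "Wacatac"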
DeathRansom
2019-11-05 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191105:try:3aafee6,
  author       = {Marius Genheimer},
  title        = {{Try not to stare - MedusaLocker at a glance}},
  date         = {2019-11-05},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/try-not-to-stare-medusalocker-at-a-glance.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Try not to stare - MedusaLocker at a glance
MedusaLocker
2019-10-29 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191029:osiris:55e249f,
  author       = {Marius Genheimer},
  title        = {{Osiris, the god of afterlife...and banking malware?!}},
  date         = {2019-10-29},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/osiris-the-god-of-afterlifeand-banking-malware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Osiris, the god of afterlife...and banking malware?!
Kronos
2019-10-26 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191026:earnquickbtcwithhiddentearmp4:b77f350,
  author       = {Marius Genheimer},
  title        = {{Earn-quick-BTC-with-Hiddentear.mp4 / About Open Source Ransomware}},
  date         = {2019-10-26},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/earn-quick-btc-with-hiddentearmp4-about-open-source-ransomware.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Earn-quick-BTC-with-Hiddentear.mp4 / About Open Source Ransomware
HiddenTear
2019-10-02 | Dissecting Malware | Marius Genheimer
@online{genheimer:20191002:nicht:20adbf8,
  author       = {Marius Genheimer},
  title        = {{Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)}},
  date         = {2019-10-02},
  organization = {Dissecting Malware},
  url          = {https://dissectingmalwa.re/nicht-so-goot-breaking-down-gootkit-and-jasper-ftcode.html},
  language     = {English},
  urldate      = {2020-03-27},
}
Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
FTCODE JasperLoader GootKit