Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-14Medium walmartglobaltechJason Reaves
@online{reaves:20211014:investigation:29ef29c, author = {Jason Reaves}, title = {{Investigation into the state of NIM malware Part 2}}, date = {2021-10-14}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-part-2-a28bffffa671}, language = {English}, urldate = {2021-12-15} } Investigation into the state of NIM malware Part 2
Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware)
2021-09-07Medium walmartglobaltechJason Reaves
@online{reaves:20210907:decoding:bb6bf8e, author = {Jason Reaves}, title = {{Decoding SmartAssembly strings, a Haron ransomware case study}}, date = {2021-09-07}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/decoding-smartassembly-strings-a-haron-ransomware-case-study-9d0c5af7080b}, language = {English}, urldate = {2021-09-09} } Decoding SmartAssembly strings, a Haron ransomware case study
Haron Ransomware
2021-08-19Medium walmartglobaltechJason Reaves
@online{reaves:20210819:looking:361ca2d, author = {Jason Reaves}, title = {{Looking at the new Krypton crypter and recent Data Exfiltrator Samples}}, date = {2021-08-19}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/looking-at-the-new-krypton-crypter-and-recent-data-exfiltrator-samples-4c484875cf70}, language = {English}, urldate = {2021-09-06} } Looking at the new Krypton crypter and recent Data Exfiltrator Samples
2021-07-30Medium walmartglobaltechJason Reaves
@online{reaves:20210730:decrypting:0b08389, author = {Jason Reaves}, title = {{Decrypting BazarLoader strings with a Unicorn}}, date = {2021-07-30}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/decrypting-bazarloader-strings-with-a-unicorn-15d2585272a9}, language = {English}, urldate = {2021-08-02} } Decrypting BazarLoader strings with a Unicorn
BazarBackdoor
2021-07-08Medium walmartglobaltechJason Reaves, Harold Ogden
@online{reaves:20210708:amadey:0deeb3d, author = {Jason Reaves and Harold Ogden}, title = {{Amadey stealer plugin adds Mikrotik and Outlook harvesting}}, date = {2021-07-08}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/amadey-stealer-plugin-adds-mikrotik-and-outlook-harvesting-518efe724ce4}, language = {English}, urldate = {2021-07-11} } Amadey stealer plugin adds Mikrotik and Outlook harvesting
Amadey
2021-07-06Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20210706:ta505:35e0dbc, author = {Jason Reaves and Joshua Platt}, title = {{TA505 adds GoLang crypter for delivering miners and ServHelper}}, date = {2021-07-06}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/ta505-adds-golang-crypter-for-delivering-miners-and-servhelper-af70b26a6e56}, language = {English}, urldate = {2021-07-11} } TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper
2021-06-07Medium walmartglobaltechJoshua Platt, Jason Reaves
@online{platt:20210607:inside:6c363a7, author = {Joshua Platt and Jason Reaves}, title = {{Inside the SystemBC Malware-As-A-Service}}, date = {2021-06-07}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6}, language = {English}, urldate = {2021-06-08} } Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot
2021-05-03Medium walmartglobaltechJoshua Platt, Jason Reaves
@online{platt:20210503:buerloader:2aa3e3f, author = {Joshua Platt and Jason Reaves}, title = {{BuerLoader Updates}}, date = {2021-05-03}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/buerloader-updates-3e34c1949b96}, language = {English}, urldate = {2021-05-04} } BuerLoader Updates
Buer
2021-04-20Medium walmartglobaltechJason Reaves
@online{reaves:20210420:cobaltstrike:d18d4c4, author = {Jason Reaves}, title = {{CobaltStrike Stager Utilizing Floating Point Math}}, date = {2021-04-20}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/cobaltstrike-stager-utilizing-floating-point-math-9bc13f9b9718}, language = {English}, urldate = {2021-04-20} } CobaltStrike Stager Utilizing Floating Point Math
Cobalt Strike
2021-04-09Medium walmartglobaltechJason Reaves
@online{reaves:20210409:relook:ab87230, author = {Jason Reaves}, title = {{A Relook at the TerraLoader Dropper DLL}}, date = {2021-04-09}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/a-re-look-at-the-terraloader-dropper-dll-e5947ad6e244}, language = {English}, urldate = {2021-04-12} } A Relook at the TerraLoader Dropper DLL
TerraLoader
2021-04-07Medium walmartglobaltechJason Reaves
@online{reaves:20210407:not:c28aeef, author = {Jason Reaves}, title = {{Not your same old adware anymore, PBOT updates}}, date = {2021-04-07}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/not-your-same-old-adware-anymore-pbot-updates-6d43b159ab35}, language = {English}, urldate = {2021-04-09} } Not your same old adware anymore, PBOT updates
2021-04-05Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20210405:trickbot:a6b0592, author = {Jason Reaves and Joshua Platt}, title = {{TrickBot Crews New CobaltStrike Loader}}, date = {2021-04-05}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/trickbot-crews-new-cobaltstrike-loader-32c72b78e81c}, language = {English}, urldate = {2021-04-06} } TrickBot Crews New CobaltStrike Loader
Cobalt Strike TrickBot
2021-03-05Medium walmartglobaltechJason Reaves
@online{reaves:20210305:look:71fca27, author = {Jason Reaves}, title = {{A look at an Android bot from unpacking to DGA}}, date = {2021-03-05}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/a-look-at-an-android-bot-from-unpacking-to-dga-e331554f9fb9}, language = {English}, urldate = {2021-03-11} } A look at an Android bot from unpacking to DGA
FluBot
2021-03-01Medium walmartglobaltechJoshua Platt, Jason Reaves
@online{platt:20210301:nimar:c26af08, author = {Joshua Platt and Jason Reaves}, title = {{Nimar Loader}}, date = {2021-03-01}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/nimar-loader-4f61c090c49e}, language = {English}, urldate = {2021-03-04} } Nimar Loader
BazarBackdoor BazarNimrod Cobalt Strike
2021-03-01Medium walmartglobaltechJoshua Platt, Jason Reaves
@online{platt:20210301:investigation:a7851d5, author = {Joshua Platt and Jason Reaves}, title = {{Investigation into the state of Nim malware}}, date = {2021-03-01}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-14cc543af811}, language = {English}, urldate = {2021-03-04} } Investigation into the state of Nim malware
BazarNimrod Cobalt Strike
2021-01-20Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20210120:anchor:b1e153f, author = {Jason Reaves and Joshua Platt}, title = {{Anchor and Lazarus together again?}}, date = {2021-01-20}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/anchor-and-lazarus-together-again-24744e516607}, language = {English}, urldate = {2021-01-21} } Anchor and Lazarus together again?
Anchor TrickBot
2021-01-12Medium walmartglobaltechJason Reaves
@online{reaves:20210112:deofuscating:8fec60d, author = {Jason Reaves}, title = {{De-ofuscating GoLang Functions}}, date = {2021-01-12}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/de-ofuscating-golang-functions-93f610f4fb76}, language = {English}, urldate = {2021-01-21} } De-ofuscating GoLang Functions
2021-01-10Medium walmartglobaltechJason Reaves
@online{reaves:20210110:man1:54a4162, author = {Jason Reaves}, title = {{MAN1, Moskal, Hancitor and a side of Ransomware}}, date = {2021-01-10}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/man1-moskal-hancitor-and-a-side-of-ransomware-d77b4d991618}, language = {English}, urldate = {2021-01-11} } MAN1, Moskal, Hancitor and a side of Ransomware
Cobalt Strike Hancitor SendSafe VegaLocker
2020-05-31Medium walmartglobaltechJason Reaves, Joshua Platt
@online{reaves:20200531:wastedloader:c37b988, author = {Jason Reaves and Joshua Platt}, title = {{WastedLoader or DridexLoader?}}, date = {2020-05-31}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/wastedloader-or-dridexloader-4f47c9b3ae77}, language = {English}, urldate = {2021-06-09} } WastedLoader or DridexLoader?
Dridex WastedLocker