2023-04-23 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: Aurora Stealer.
% The URL path carries an encoded space (%20); keep it verbatim.
@online{frankoff:20230423:in2al5dp3in4er:7117c1b,
  author       = {Sergei Frankoff},
  title        = {{in2al5dp3in4er Loader}},
  date         = {2023-04-23},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/in2al5dp3in4er/loader/analysis/sandbox/invalid%20printer/2023/04/23/in2al5dp3in4er.html},
  language     = {English},
  urldate      = {2023-05-02},
}
in2al5dp3in4er Loader
Aurora Stealer
2023-04-20 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: CryptNET.
@online{frankoff:20230420:cryptnet:17135c2,
  author       = {Sergei Frankoff},
  title        = {{CryptNET Ransomware}},
  date         = {2023-04-20},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/dotnet/cryptnet/ransomware/2023/04/20/cryptnet.html},
  language     = {English},
  urldate      = {2023-05-02},
}
CryptNET Ransomware
CryptNET
2023-04-16 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tags on this page: Agent Tesla, RedLine Stealer.
@online{frankoff:20230416:xorstringsnet:79d9991,
  author       = {Sergei Frankoff},
  title        = {{XORStringsNet}},
  date         = {2023-04-16},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/dotnet/xorstringsnet/agenttesla/2023/04/16/xorstringsnet.html},
  language     = {English},
  urldate      = {2023-05-02},
}
XORStringsNet
Agent Tesla, RedLine Stealer
2023-04-13 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tags on this page: Chaos, Quasar RAT.
@online{frankoff:20230413:quasar:3ad6058,
  author       = {Sergei Frankoff},
  title        = {{Quasar Chaos: Open Source Ransomware Meets Open Source RAT}},
  date         = {2023-04-13},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/quasar/chaos/rat/ransomware/2023/04/13/quasar-chaos.html},
  language     = {English},
  urldate      = {2023-05-02},
}
Quasar Chaos: Open Source Ransomware Meets Open Source RAT
Chaos, Quasar RAT
2023-04-06 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: PhotoLoader.
@online{frankoff:20230406:photoloader:76a4798,
  author       = {Sergei Frankoff},
  title        = {{PhotoLoader ICEDID}},
  date         = {2023-04-06},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/icedid/bokbot/photoloader/config/2023/04/06/photoloader.html},
  language     = {English},
  urldate      = {2023-05-02},
}
PhotoLoader ICEDID
PhotoLoader
2023-04-02 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: AresLoader.
% NOTE(review): the title reads like a heading and a tagline run together; confirm against the source page.
@online{frankoff:20230402:aresloader:c216327,
  author       = {Sergei Frankoff},
  title        = {{AresLoader Taking a closer look at this new loader}},
  date         = {2023-04-02},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/ares/aresloader/loader/2023/04/02/aresloader.html},
  language     = {English},
  urldate      = {2023-04-22},
}
AresLoader Taking a closer look at this new loader
AresLoader
2023-03-30 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: 3CX Backdoor.
% The URL ends in the fragment #Functionality, so it points at one section of the write-up.
@online{frankoff:20230330:3cx:244fb6e,
  author       = {Sergei Frankoff},
  title        = {{3CX Supply Chain Attack}},
  date         = {2023-03-30},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/3cx/northkorea/apt/triage/2023/03/30/3cx-malware.html#Functionality},
  language     = {English},
  urldate      = {2023-04-06},
}
3CX Supply Chain Attack
3CX Backdoor
2023-03-16 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: CryptBot.
@online{frankoff:20230316:cryptbot:9cd940b,
  author       = {Sergei Frankoff},
  title        = {{CryptBot}},
  date         = {2023-03-16},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/cryptbot/botnet/yara/config/2023/03/16/cryptbot.html},
  language     = {English},
  urldate      = {2023-05-02},
}
CryptBot
CryptBot
2023-02-12 | Youtube (OALabs) | Sergei Frankoff, Fabian Wosar
% OALabs video on YouTube. Family tag on this page: ESXiArgs.
@online{frankoff:20230212:esxiargs:442f901,
  author       = {Sergei Frankoff and Fabian Wosar},
  title        = {{ESXiArgs Ransomware Analysis with @fwosar}},
  date         = {2023-02-12},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=bBcvqxPdjoI},
  language     = {English},
  urldate      = {2023-02-13},
}
ESXiArgs Ransomware Analysis with @fwosar
ESXiArgs
2022-08-25 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: SmokeLoader.
% NOTE(review): the title reads like a heading and a tagline run together; confirm against the source page.
@online{frankoff:20220825:smokeloader:d02283f,
  author       = {Sergei Frankoff},
  title        = {{SmokeLoader Triage Taking a look how Smoke Loader works}},
  date         = {2022-08-25},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/smoke/smokeloader/loader/config/yara/triage/2022/08/25/smokeloader.html},
  language     = {English},
  urldate      = {2022-08-31},
}
SmokeLoader Triage Taking a look how Smoke Loader works
SmokeLoader
2022-06-19 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: Matanbuchus.
@online{frankoff:20220619:matanbuchus:0a0a9dc,
  author       = {Sergei Frankoff},
  title        = {{Matanbuchus Triage Notes}},
  date         = {2022-06-19},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/matanbuchus/loader/yara/triage/dumpulator/emulation/2022/06/19/matanbuchus-triage.html},
  language     = {English},
  urldate      = {2022-06-27},
}
Matanbuchus Triage Notes
Matanbuchus
2022-05-12 | OALabs | Sergei Frankoff
% OALabs research write-up (web page). Family tag on this page: BumbleBee.
@online{frankoff:20220512:taking:8bf052d,
  author       = {Sergei Frankoff},
  title        = {{Taking a look at Bumblebee loader}},
  date         = {2022-05-12},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/bumblebee/malware/loader/unpacking/2022/05/12/bumblebee_loader.html},
  language     = {English},
  urldate      = {2022-05-17},
}
Taking a look at Bumblebee loader
BumbleBee
2022-03-02 | Youtube (OALabs) | Sergei Frankoff, Sean Wilson
% OALabs video on YouTube. Family tag on this page: Conti.
@online{frankoff:20220302:botleggers:1cb3ac9,
  author       = {Sergei Frankoff and Sean Wilson},
  title        = {{Botleggers Exposed - Analysis of The Conti Leaks Malware}},
  date         = {2022-03-02},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=uORuVVQzZ0A},
  language     = {English},
  urldate      = {2022-03-07},
}
Botleggers Exposed - Analysis of The Conti Leaks Malware
Conti
2022-02-01 | Youtube (OALabs) | OALabs
% OALabs video on YouTube. Family tag on this page: NightSky.
@online{oalabs:20220201:how:5af03e0,
  author       = {OALabs},
  title        = {{How To Unpack VMProtect 3 (x64) Night Sky Ransomware With VMPDump [Patreon Unlocked]}},
  date         = {2022-02-01},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=Yzt_zOO8pDM},
  language     = {English},
  urldate      = {2022-02-02},
}
How To Unpack VMProtect 3 (x64) Night Sky Ransomware With VMPDump [Patreon Unlocked]
NightSky
2022-01-21 | Github (OALabs) | OALabs
% Jupyter notebook (.ipynb) in the OALabs Lab-Notes repository on GitHub. Family tag on this page: WhisperGate.
% The URL tracks the main branch, so the notebook content may differ from what was read on the urldate.
@online{oalabs:20220121:whispergate:e235152,
  author       = {OALabs},
  title        = {{WhisperGate Malware}},
  date         = {2022-01-21},
  organization = {Github (OALabs)},
  url          = {https://github.com/OALabs/Lab-Notes/blob/main/WhisperGate/WhisperGate.ipynb},
  language     = {English},
  urldate      = {2022-01-25},
}
WhisperGate Malware
WhisperGate
2021-11-22 | Youtube (OALabs) | c3rb3ru5d3d53c, Sergei Frankoff
% OALabs video on YouTube. Family tag on this page: Karma.
% The first author is given as a handle (a single token), exactly as listed on this page.
@online{c3rb3ru5d3d53c:20211122:introduction:1daa38b,
  author       = {c3rb3ru5d3d53c and Sergei Frankoff},
  title        = {{Introduction To Binlex A Binary Trait Lexer Library and Utility - Machine Learning First Steps...}},
  date         = {2021-11-22},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=hgz5gZB3DxE},
  language     = {English},
  urldate      = {2021-11-29},
}
Introduction To Binlex A Binary Trait Lexer Library and Utility - Machine Learning First Steps...
Karma
2021-10-04 | Github (OALabs) | OALabs
% Jupyter notebook (.ipynb) in the OALabs Lab-Notes repository on GitHub. Family tag on this page: Hancitor.
% The URL tracks the main branch, so the notebook content may differ from what was read on the urldate.
@online{oalabs:20211004:reverse:470cd80,
  author       = {OALabs},
  title        = {{Reverse engineered the Hancitor DLL and built a static config extractor}},
  date         = {2021-10-04},
  organization = {Github (OALabs)},
  url          = {https://github.com/OALabs/Lab-Notes/blob/main/Hancitor/hancitor.ipynb},
  language     = {English},
  urldate      = {2021-12-02},
}
Reverse engineered the Hancitor DLL and built a static config extractor
Hancitor
2021-09-27 | Youtube (OALabs) | Sergei Frankoff
% OALabs video on YouTube. Family tag on this page: Squirrelwaffle.
@online{frankoff:20210927:live:83ccb1f,
  author       = {Sergei Frankoff},
  title        = {{Live Coding A Squirrelwaffle Malware Config Extractor}},
  date         = {2021-09-27},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=9X2P7aFKSw0},
  language     = {English},
  urldate      = {2021-10-05},
}
Live Coding A Squirrelwaffle Malware Config Extractor
Squirrelwaffle
2021-08-10 | Youtube (OALabs) | OALabs
% OALabs video on YouTube. Family tag on this page: Conti.
@online{oalabs:20210810:leaked:4d4be75,
  author       = {OALabs},
  title        = {{Leaked Conti Ransomware Playbook - Red Team Reacts}},
  date         = {2021-08-10},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=hmaWy9QIC7c},
  language     = {English},
  urldate      = {2021-08-25},
}
Leaked Conti Ransomware Playbook - Red Team Reacts
Conti
2021-07-31 | Youtube (OALabs) | Sergei Frankoff
% OALabs video on YouTube.
@online{frankoff:20210731:python3:e022fc4,
  author       = {Sergei Frankoff},
  title        = {{Python3 Tips For Reverse Engineers}},
  date         = {2021-07-31},
  organization = {Youtube (OALabs)},
  url          = {https://www.youtube.com/watch?v=TrAwfQlfDd8},
  language     = {English},
  urldate      = {2021-08-02},
}
Python3 Tips For Reverse Engineers