2023-09-22 | R136a1 | Dominik Reichel
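% Online reference: R136a1 post "More on DreamLand" (family tag on this page: LuaDream).
@online{reichel:20230922:more:7b1d0a4,
  author       = {Reichel, Dominik},
  title        = {More on {DreamLand}},
  date         = {2023-09-22},
  organization = {R136a1},
  url          = {https://r136a1.dev/2023/09/22/more-on-dreamland/},
  language     = {English},
  urldate      = {2023-09-28},
}
More on DreamLand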
LuaDream
2022-07-19 | R136a1 | Dominik Reichel
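% Online reference: R136a1 post on an early-stage Google Drive downloader that the title attributes to APT29.
@online{reichel:20220719:look:84e1e01,
  author       = {Reichel, Dominik},
  title        = {A look into {APT29}'s new early-stage {Google Drive} downloader},
  date         = {2022-07-19},
  organization = {R136a1},
  url          = {https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/},
  language     = {English},
  urldate      = {2022-10-19},
}
A look into APT29's new early-stage Google Drive downloader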
BEATDROP, BOOMBOX, Gdrive, Unidentified 098 (APT29 Slack Downloader)
2022-06-18 | R136a1 | Dominik Reichel
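% Online reference: R136a1 post on building a Sunburst timeline with the dotnetfile tool (family tag on this page: SUNBURST).
@online{reichel:20220618:using:791a20c,
  author       = {Reichel, Dominik},
  title        = {Using dotnetfile to get a {Sunburst} timeline for intelligence gathering},
  date         = {2022-06-18},
  organization = {R136a1},
  url          = {https://r136a1.info/2022/06/18/using-dotnetfile-to-get-a-sunburst-timeline-for-intelligence-gathering/},
  language     = {English},
  urldate      = {2022-07-25},
}
Using dotnetfile to get a Sunburst timeline for intelligence gathering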
SUNBURST
2022-05-22 | R136a1 | Dominik Reichel
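% Online reference: R136a1 post introducing a PE file extractor.
% NOTE(review): the date field (and the citation key) say 2022-05-22, but the URL path reads 2022/05/25 -- confirm the publication date against the post before citing.
@online{reichel:20220522:introduction:47edade,
  author       = {Reichel, Dominik},
  title        = {Introduction of a {PE} file extractor for various situations},
  date         = {2022-05-22},
  organization = {R136a1},
  url          = {https://r136a1.info/2022/05/25/introduction-of-a-pe-file-extractor-for-various-situations/},
  language     = {English},
  urldate      = {2022-06-02},
}
Introduction of a PE file extractor for various situations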
Cobalt Strike, Matanbuchus
2020-01-24 | GitHub (TheEnergyStory) | R136a1
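% Online reference: GitHub repository directory holding TajMahal IOCs and a registry data decrypter (per the title).
@online{r136a1:20200124:project:668d490,
  author       = {R136a1},
  title        = {Project {TajMahal} {IOCs} and Registry Data Decrypter},
  date         = {2020-01-24},
  organization = {GitHub (TheEnergyStory)},
  url          = {https://github.com/TheEnergyStory/malware_analysis/tree/master/TajMahal},
  language     = {English},
  urldate      = {2020-01-27},
}
Project TajMahal IOCs and Registry Data Decrypter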
Chaperone
2013-04-24 | R136a1
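% Online reference: malware-reversing.com post on new malware samples from the South Korea incident.
% organization is taken from entry r136a1:20121215:disclosure:c36a5a8, which names the same site; the source entry had none.
@online{r136a1:20130424:south:d6c223e,
  author       = {R136a1},
  title        = {{South Korea} Incident - New Malware samples},
  date         = {2013-04-24},
  organization = {Malware Reversing Blog},
  url          = {http://www.malware-reversing.com/2013/04/5-south-korea-incident-new-malware.html},
  language     = {English},
  urldate      = {2020-01-13},
}
South Korea Incident - New Malware samples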
concealment_troy, httpdropper, http_troy
2012-12-15 | Malware Reversing Blog | R136a1
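% Online reference: Malware Reversing Blog post, part 1 of 2, covering the initial dropper and downloader (family tag on this page: Coreshell).
@online{r136a1:20121215:disclosure:c36a5a8,
  author       = {R136a1},
  title        = {Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)},
  date         = {2012-12-15},
  organization = {Malware Reversing Blog},
  url          = {http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware.html},
  language     = {English},
  urldate      = {2020-01-06},
}
Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)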
Coreshell
2012-12-15 | R136a1
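% Online reference: malware-reversing.com post, part 2 of 2, covering the 2nd and 3rd droppers (family tag on this page: Sedreco).
% organization is taken from the part 1 entry (r136a1:20121215:disclosure:c36a5a8), which names the same site; the source entry had none.
@online{r136a1:20121215:disclosure:fdfe8f2,
  author       = {R136a1},
  title        = {Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)},
  date         = {2012-12-15},
  organization = {Malware Reversing Blog},
  url          = {http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware_15.html},
  language     = {English},
  urldate      = {2019-12-31},
}
Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)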
Sedreco