Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
@online{loui:20210226:hypervisor:8dadf9c, author = {Eric Loui and Sergei Frankoff}, title = {{Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact}}, date = {2021-02-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/?utm_campaign=blog&utm_medium=soc&utm_source=twtr&utm_content=sprout}, language = {English}, urldate = {2021-03-02} } Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
RansomEXX Griffon Carbanak Cobalt Strike IcedID MimiKatz PyXie RansomEXX REvil
2021-01-27Youtube (OALabs)Sergei Frankoff
@online{frankoff:20210127:ida:15a720f, author = {Sergei Frankoff}, title = {{IDA Pro Decompiler Basics Microcode and x86 Calling Conventions}}, date = {2021-01-27}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=T0tdj1WDioM}, language = {English}, urldate = {2021-01-27} } IDA Pro Decompiler Basics Microcode and x86 Calling Conventions
Ave Maria
2020-12-10Youtube (OALabs)Sergei Frankoff
@online{frankoff:20201210:malware:0a70511, author = {Sergei Frankoff}, title = {{Malware Triage Analyzing PrnLoader Used To Drop Emotet}}, date = {2020-12-10}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=5_-oR_135ss}, language = {English}, urldate = {2020-12-18} } Malware Triage Analyzing PrnLoader Used To Drop Emotet
Emotet
2020-07-13Youtube (OALabs)Sergei Frankoff, OALabs
@online{frankoff:20200713:how:fd519be, author = {Sergei Frankoff and OALabs}, title = {{How To Sinkhole A Botnet}}, date = {2020-07-13}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=FAFuSO9oAl0}, language = {English}, urldate = {2020-07-16} } How To Sinkhole A Botnet
Hamweq
2020-05-30Youtube (OALabs)Sergei Frankoff
@online{frankoff:20200530:irc:a711f6e, author = {Sergei Frankoff}, title = {{IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO}}, date = {2020-05-30}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=JPvcLLYR0tE}, language = {English}, urldate = {2020-06-05} } IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO
Hamweq
2020-01-26Youtube (OALabs)Sergei Frankoff, Sean Wilson
@online{frankoff:20200126:ida:a8194b4, author = {Sergei Frankoff and Sean Wilson}, title = {{IDA Pro Automated String Decryption For REvil Ransomware}}, date = {2020-01-26}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=l2P5CMH9TE0}, language = {English}, urldate = {2020-01-27} } IDA Pro Automated String Decryption For REvil Ransomware
REvil
2019-08-22Youtube (OALabs)Sergei Frankoff
@online{frankoff:20190822:remcos:b86c5bd, author = {Sergei Frankoff}, title = {{Remcos RAT Unpacked From VB6 With x64dbg Debugger}}, date = {2019-08-22}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=DIH4SvKuktM}, language = {English}, urldate = {2020-01-10} } Remcos RAT Unpacked From VB6 With x64dbg Debugger
Remcos
2019-07-12CrowdStrikeBrett Stone-Gross, Sergei Frankoff, Bex Hartley
@online{stonegross:20190712:bitpaymer:113a037, author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley}, title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}}, date = {2019-07-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/}, language = {English}, urldate = {2020-04-25} } BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
DoppelPaymer Dridex FriedEx
2019-05-05Youtube (LiveOverflow)LiveOverflow, Sergei Frankoff, Sean Wilson
@online{liveoverflow:20190505:unpacking:25df4ad, author = {LiveOverflow and Sergei Frankoff and Sean Wilson}, title = {{Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs}}, date = {2019-05-05}, organization = {Youtube (LiveOverflow)}, url = {https://www.youtube.com/watch?v=YXnNO3TipvM}, language = {English}, urldate = {2020-01-13} } Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs
RTM
2019-03-06CrowdStrikeBrendon Feeley, Bex Hartley, Sergei Frankoff
@online{feeley:20190306:pinchy:f5060bd, author = {Brendon Feeley and Bex Hartley and Sergei Frankoff}, title = {{PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware}}, date = {2019-03-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/pinchy-spider-adopts-big-game-hunting/}, language = {English}, urldate = {2019-12-20} } PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
Gandcrab Phorpiex Pinchy Spider Zombie Spider
2018-11-14CrowdStrikeSergei Frankoff, Bex Hartley
@online{frankoff:20181114:big:723025d, author = {Sergei Frankoff and Bex Hartley}, title = {{Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware}}, date = {2018-11-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/}, language = {English}, urldate = {2019-12-20} } Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
FriedEx INDRIK SPIDER
2018-11-09Youtube (OALabs)Sean Wilson, Sergei Frankoff
@online{wilson:20181109:reverse:7e90205, author = {Sean Wilson and Sergei Frankoff}, title = {{Reverse Engineering IcedID / Bokbot Malware Part 2}}, date = {2018-11-09}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=7Dk7NkIbVqY}, language = {English}, urldate = {2019-07-09} } Reverse Engineering IcedID / Bokbot Malware Part 2
IcedID
2018-10-26Youtube (OALabs)Sergei Frankoff
@online{frankoff:20181026:unpacking:b6155cc, author = {Sergei Frankoff}, title = {{Unpacking Bokbot / IcedID Malware - Part 1}}, date = {2018-10-26}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=wObF9n2UIAM}, language = {English}, urldate = {2020-01-08} } Unpacking Bokbot / IcedID Malware - Part 1
IcedID
2018-05-20Youtube (OALabs)Sergei Frankoff
@online{frankoff:20180520:unpacking:7db8c96, author = {Sergei Frankoff}, title = {{Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg}}, date = {2018-05-20}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=QgUlPvEE4aw}, language = {English}, urldate = {2020-01-08} } Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg
GootKit
2018-03-12Github (herrcore)Sergei Frankoff
@online{frankoff:20180312:python:eb6b9f5, author = {Sergei Frankoff}, title = {{Python decryptor for newer AdWind config file}}, date = {2018-03-12}, organization = {Github (herrcore)}, url = {https://gist.github.com/herrcore/8336975475e88f9bc539d94000412885}, language = {English}, urldate = {2020-01-09} } Python decryptor for newer AdWind config file
AdWind
2018-03-04Youtube (OALabs)Sergei Frankoff
@online{frankoff:20180304:unpacking:4d7dc7c, author = {Sergei Frankoff}, title = {{Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request}}, date = {2018-03-04}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=242Tn0IL2jE}, language = {English}, urldate = {2020-01-08} } Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request
Cold$eal GootKit
2018-01-11Youtube (OALabs)Sergei Frankoff
@online{frankoff:20180111:unpacking:bd095df, author = {Sergei Frankoff}, title = {{Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1}}, date = {2018-01-11}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=HfSQlC76_s4}, language = {English}, urldate = {2019-11-29} } Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
Pykspa
2014-12-04Sergei Frankoff
@online{frankoff:20141204:inside:80c0fea, author = {Sergei Frankoff}, title = {{Inside The New Asprox/Kuluoz (October 2013 - January 2014)}}, date = {2014-12-04}, url = {http://oalabs.openanalysis.net/2014/12/04/inside-the-new-asprox-kuluoz-october-2013-january-2014/}, language = {English}, urldate = {2020-01-08} } Inside The New Asprox/Kuluoz (October 2013 - January 2014)
Asprox