
2021-01-07 | Advanced Intelligence | Vitali Kremez, Brian Carter, HYAS
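@online{kremez:20210107:crime:4c6f5c3,
  author       = {Vitali Kremez and Brian Carter and {HYAS}},
  title        = {{Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger \& Risky Asian Crypto Traders}},
  date         = {2021-01-07},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/crime-laundering-primer-inside-ryuk-crime-crypto-ledger-risky-asian-crypto-traders},
  language     = {English},
  urldate      = {2021-01-11},
}
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders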
Ryuk
2020-11-19 | Twitter (@VK_intel) | Vitali Kremez
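@online{kremez:20201119:trickbot:32c7d08,
  author       = {Vitali Kremez},
  title        = {{Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server}},
  date         = {2020-11-19},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1329511151202349057},
  language     = {English},
  urldate      = {2020-11-23},
}
Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server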
LightBot
2020-11-17 | Twitter (@VK_intel) | Vitali Kremez
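@online{kremez:20201117:new:2098c0a,
  author       = {Vitali Kremez},
  title        = {{Tweet on a new fileless TrickBot loading method using code from MemoryModule}},
  date         = {2020-11-17},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1328578336021483522},
  language     = {English},
  urldate      = {2020-12-14},
}
Tweet on a new fileless TrickBot loading method using code from MemoryModule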
TrickBot
2020-11-06 | Advanced Intelligence | Vitali Kremez
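@online{kremez:20201106:anatomy:b2ce3ae,
  author       = {Vitali Kremez},
  title        = {{Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware ``one'' Group via Cobalt Strike}},
  date         = {2020-11-06},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike},
  language     = {English},
  urldate      = {2020-11-09},
}
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike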
BazarBackdoor Cobalt Strike Ryuk
2020-10-12 | Advanced Intelligence | Roman Marshanski, Vitali Kremez
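@online{marshanski:20201012:front:686add1,
  author       = {Roman Marshanski and Vitali Kremez},
  title        = {{``Front Door'' into BazarBackdoor: Stealthy Cybercrime Weapon}},
  date         = {2020-10-12},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon},
  language     = {English},
  urldate      = {2020-10-13},
}
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon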
BazarBackdoor Cobalt Strike Ryuk
2020-08-14 | Twitter (@VK_intel) | Vitali Kremez
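@online{kremez:20200814:zloader:cbd9ad5,
  author       = {Vitali Kremez},
  title        = {{Tweet on Zloader infection leading to Cobaltstrike Installation}},
  date         = {2020-08-14},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1294320579311435776},
  language     = {English},
  urldate      = {2020-11-09},
}
Tweet on Zloader infection leading to Cobaltstrike Installation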
Cobalt Strike Zloader
2020-07-11 | Advanced Intelligence | Vitali Kremez
@online{kremez:20200711:trickbot:602fd73,
  author       = {Vitali Kremez},
  title        = {{TrickBot Group Launches Test Module Alerting on Fraud Activity}},
  date         = {2020-07-11},
  organization = {Advanced Intelligence},
  url          = {https://www.advanced-intel.com/post/trickbot-group-launches-test-module-alerting-on-fraud-activity},
  language     = {English},
  urldate      = {2020-07-13},
}
TrickBot Group Launches Test Module Alerting on Fraud Activity
TrickBot
2020-07-10 | ReversingLabs | Vitali Kremez, Christiaan Beek, Tom Ueltschi, Hilko Bengen, Jo Johnson, Cooper Quintin, Wyatt Roersma, Tomislav Pericin
@online{kremez:20200710:yara:9b51a77,
  author       = {Vitali Kremez and Christiaan Beek and Tom Ueltschi and Hilko Bengen and Jo Johnson and Cooper Quintin and Wyatt Roersma and Tomislav Pericin},
  title        = {{YARA Rules talks and presentation of REVERSING 2020}},
  date         = {2020-07-10},
  organization = {ReversingLabs},
  url          = {https://register.reversinglabs.com/reversing2020/session-videos},
  language     = {English},
  urldate      = {2020-07-11},
}
YARA Rules talks and presentation of REVERSING 2020
2020-06-17 | Twitter (@VK_intel) | Vitali Kremez, malwrhunterteam
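@online{kremez:20200617:signed:f8eecc6,
  author       = {Vitali Kremez and {malwrhunterteam}},
  title        = {{Tweet on signed Tinymet payload (V.02) used by TA505}},
  date         = {2020-06-17},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1273292957429510150},
  language     = {English},
  urldate      = {2020-06-18},
}
Tweet on signed Tinymet payload (V.02) used by TA505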
TinyMet
2020-05-19 | zero2auto | Vitali Kremez
@online{kremez:20200519:netwalker:7ad1e7c,
  author       = {Vitali Kremez},
  title        = {{Netwalker Ransomware - From Static Reverse Engineering to Automatic Extraction}},
  date         = {2020-05-19},
  organization = {zero2auto},
  url          = {https://zero2auto.com/2020/05/19/netwalker-re/},
  language     = {English},
  urldate      = {2020-06-02},
}
Netwalker Ransomware - From Static Reverse Engineering to Automatic Extraction
Mailto
2020-05-04 | Twitter (@VK_intel) | Vitali Kremez
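@online{kremez:20200504:guloader:5d6f001,
  author       = {Vitali Kremez},
  title        = {{GuLoader API Loader Algorithm}},
  date         = {2020-05-04},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1257206565146370050},
  language     = {English},
  urldate      = {2021-01-05},
}
GuLoader API Loader Algorithm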
CloudEyE
2020-04-29 | Twitter (@VK_intel) | Vitali Kremez
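@online{kremez:20200429:some:2fb831b,
  author       = {Vitali Kremez},
  title        = {{Some Insight into GuLoader family}},
  date         = {2020-04-29},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1255537954304524288},
  language     = {English},
  urldate      = {2021-01-05},
}
Some Insight into GuLoader family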
CloudEyE
2020-04-24 | Vitali Kremez
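@online{kremez:20200424:trickbot:3773039,
  author   = {Vitali Kremez},
  title    = {{TrickBot ``BazarBackdoor'' Process Hollowing Injection Primer}},
  date     = {2020-04-24},
  url      = {https://www.vkremez.com/2020/04/lets-learn-trickbot-bazarbackdoor.html},
  language = {English},
  urldate  = {2020-05-02},
}
TrickBot "BazarBackdoor" Process Hollowing Injection Primer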
BazarBackdoor
2020-04-21 | Twitter (@VK_intel) | Vitali Kremez
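@online{kremez:20200421:signed:0a546c1,
  author       = {Vitali Kremez},
  title        = {{Tweet on Signed GuLoader}},
  date         = {2020-04-21},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1252678206852907011},
  language     = {English},
  urldate      = {2021-01-05},
}
Tweet on Signed GuLoader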
CloudEyE
2020-02-27 | Vitali Kremez
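@online{kremez:20200227:lets:8b6f2b8,
  author   = {Vitali Kremez},
  title    = {{Let’s Learn: Inside Parallax RAT Malware: Process Hollowing Injection \& Process Doppelgänging API Mix: Part I}},
  date     = {2020-02-27},
  url      = {https://www.vkremez.com/2020/02/lets-learn-inside-parallax-rat-malware.html},
  language = {English},
  urldate  = {2020-03-25},
}
Let’s Learn: Inside Parallax RAT Malware: Process Hollowing Injection & Process Doppelgänging API Mix: Part I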
Parallax RAT
2020-02-05 | SentinelOne | Vitali Kremez
@online{kremez:20200205:prorussian:4fab984,
  author       = {Vitali Kremez},
  title        = {{Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting}},
  date         = {2020-02-05},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting/},
  language     = {English},
  urldate      = {2020-02-09},
}
Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
Pteranodon
2020-01-25 | Github (k-vitali) | Vitali Kremez
@online{kremez:20200125:extracted:3eb7aef,
  author       = {Vitali Kremez},
  title        = {{Extracted Config for Ragnarok Ransomware}},
  date         = {2020-01-25},
  organization = {Github (k-vitali)},
  url          = {https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-01-26-ragnarok-cfg-vk.notes.raw},
  language     = {English},
  urldate      = {2020-01-28},
}
Extracted Config for Ragnarok Ransomware
Ragnarok
2020-01-09 | SentinelOne | Vitali Kremez, Joshua Platt, Jason Reaves
@online{kremez:20200109:toptier:4f8de90,
  author       = {Vitali Kremez and Joshua Platt and Jason Reaves},
  title        = {{Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets}},
  date         = {2020-01-09},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/},
  language     = {English},
  urldate      = {2020-01-13},
}
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
TrickBot WIZARD SPIDER
2019-12-10 | Sentinel LABS | Vitali Kremez, Joshua Platt, Jason Reaves
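@online{kremez:20191210:morphisec:c0fc51c,
  author        = {Vitali Kremez and Joshua Platt and Jason Reaves},
  title         = {{MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS}},
  date          = {2019-12-10},
  organization  = {Sentinel LABS},
  url           = {https://labs.sentinelone.com/the-deadly-planeswalker-how-the-trickbot-group-united-high-tech-crimeware-apt/},
  language      = {English},
  urldate       = {2020-01-08},
  internal-note = {title names Morphisec and CCleaner but organization is Sentinel LABS and the url slug reads deadly-planeswalker / trickbot-group; title appears copied from another entry -- verify against the linked post before citing},
}
MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS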
Anchor
2019-12-02 | Twitter (@VK_intel) | Vitali Kremez
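@online{kremez:20191202:socelars:8d5d01c,
  author       = {Vitali Kremez},
  title        = {{Tweet on Socelars Stealer}},
  date         = {2019-12-02},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1201584107928653824},
  language     = {English},
  urldate      = {2020-01-17},
}
Tweet on Socelars Stealer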
Socelars