diff --git a/README.md b/README.md index d1b9553..187f47f 100644 --- a/README.md +++ b/README.md @@ -199,6 +199,8 @@ Reverse engineering Emotet – Our approach to protect GRNET against the trojan] [2021] +* [Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets](https://labs.sentinelone.com/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/) +* [Gootkit: the cautious Trojan](https://securelist.com/gootkit-the-cautious-trojan/102731/) * [“Gootloader” expands its payload delivery options](https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/) [2020] @@ -240,6 +242,7 @@ Daniel Bunce (0verfl0w_) - SentinelOne [2021] +* [Analysis of Hancitor – When Boring Begets Beacon](https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/) * [Unearthing Hancitor Infrastructure](https://inquest.net/blog/2021/04/16/unearthing-hancitor-infrastructure) * [Hancitor Infection Chain Analysis: An Examination of its Unpacking Routing and Execution Techniques](https://threatresearch.ext.hp.com/hancitors-return-analyzing-its-latest-infection-chain/) @@ -397,6 +400,7 @@ Zloader email campaign using MHTML to download and decrypt XLS](https://www.horn [2020] +* [Ryuk Revisited - Analysis of Recent Ryuk Attack](https://www.fortinet.com/blog/threat-research/ryuk-revisited-analysis-of-recent-ryuk-attack) * [An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques](https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/) * [Deep Dive Into Ryuk Ransomware](https://github.com/0xastr0/malwareanalysis/blob/main/Ryuk/Deep%20Dive%20Into%20Ryuk%20Ransomware.md) * [Deep Analysis of Ryuk Ransomware - N1ght-W0lf](https://n1ght-w0lf.github.io/malware%20analysis/ryuk-ransomware/) 
@@ -405,6 +409,7 @@ Zloader email campaign using MHTML to download and decrypt XLS](https://www.horn [2021] +* [Relentless REvil, revealed: RaaS as variable as the criminals who use it](https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed/) * [Sodinokibi Ransomware Analysis](https://www.goggleheadedhacker.com/blog/post/sodinokibi-ransomware-analysis) * [The DFIR Report - Sodinokibi (aka REvil) Ransomware](https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/) @@ -572,6 +577,7 @@ LockBit ransomware borrows tricks to keep up with REvil and Maze](https://news.s ## IDA Plugins * [IDA WinAPI Helper](https://github.com/x0r19x91/ida-winapi-helper) +* [Tenet Trace Explorer](https://blog.ret2.io/2021/04/20/tenet-trace-explorer/) ### Labeless
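Review bot: in the `@@ -240,6 +242,7 @@` Hancitor hunk, the context line directly below the new Binary Defense entry reads "An Examination of its Unpacking Routing and Execution Techniques"; "Routing" looks like a typo for "Routine", and since this change already touches that block it is worth verifying against the HP Threat Research post title and correcting in the same commit.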
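Review bot: in the `@@ -572,6 +577,7 @@` hunk, the new "Tenet Trace Explorer" entry under `## IDA Plugins` links to the blog.ret2.io announcement post, whereas the neighbouring "IDA WinAPI Helper" entry links to the plugin's GitHub repository; for consistency in this section, consider pointing the entry at the plugin's source repository (or listing it alongside the write-up) so readers land on installable code rather than a blog post.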