Max 'Libra' Kersten
@Libranalysis
Malware analyst and reverse engineer, author of the Binary Analysis Course. DMs are always open. Opinions are my own and not the views of my employer.
ID:1014590600652447744
https://maxkersten.nl 04-07-2018 19:23:44
RansomHouse is an active ransomware gang. In my most recent blog for Trellix Advanced Research Center, together with PhD. Phuc and in collaboration with Northwave. Intelligent Security Operations., we wrote about the ransomware spreading tool that's been used, along with a ransomware negotiation: trellix.com/blogs/research…
Based on this, I updated the Trellix Advanced Research Center Ghidra script to locally use this JSON file. Additionally, I wrote a script to query the Malpedia web service via the exposed API, which one can also host locally. The Ghidra scripts can be found here: github.com/advanced-threa…