This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• PikaBot Is Back With a Vengeance - Part 2

  Automated String Decryption

  Nov 19, 2023

• PikaBot Is Back With a Vengeance

  Indirect Syscalls and Layers of Crypto

  Nov 12, 2023

• Ledger Live Crypto Wallet Attack

  A Targeted Malware Crypto Stealer

  Nov 5, 2023

• SparkRAT

  Open Source GO Rat

  Oct 29, 2023

• Origin Logger

  A closer look at this Agent Tesla successor

  Oct 22, 2023

• Extended ADVObfuscator

  Extending our ADV automated string decryption tool to handle custom cases

  Oct 15, 2023

• ADVObfuscator

  Automated string decryption

  Oct 8, 2023

• Mystic Stealer

  The many variants of this new stealer

  Oct 1, 2023

• Go Stack Strings

  Researching a generic solution to decrypt these stack strings

  Sep 3, 2023

• Attack Crypter

  An open source travesty used to drop .NET stealers

  Aug 27, 2023

• LimeRAT

  Open Source gone wrong with this RAT

  Aug 17, 2023

• Golang Garble String Decryption

  Garble GO obfuscation string decryption

  Aug 3, 2023

• Bandit Stealer Garbled

  Garble GO obfuscation analysis

  Jul 31, 2023

• Glubteba

  Investigating this elusive GO loader

  Jul 24, 2023

• RootTeam

  Taking a look at this free GO stealer

  Jul 20, 2023