This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• OneNote WSF Malware (Emotet)

  Rapidly extracting IOCs from Onenote malware delivery

  Mar 19, 2023

• CryptBot

  Another C++ bot

  Mar 16, 2023

• Healer AVKiller

  Simple .NET hack tool used to kill AV

  Mar 15, 2023

• QvoidStealer

  Lol what is up with these trash .NET stealers

  Mar 12, 2023

• PikaBot

  Tiny loader that seems very familiar

  Feb 26, 2023

• SoulSearcher Worm

  What is going on with all these SoulSearcher samples

  Feb 16, 2023

• Yara Megaprimer

  What is Yara and how is it used

  Feb 9, 2023

• Rhadamanthys

  What is this thing are we just looking at a downloader

  Jan 19, 2023

• Dumpulator VEH

  A deeper look at the Dumpulator advanced emulation capabilities

  Jan 15, 2023

• Guloader

  A closer look at this infamous loader

  Dec 16, 2022

• Brute Ratel

  Some notes on this dual purpose RAT

  Dec 11, 2022

• Titan Stealer

  Another GO stealer

  Dec 1, 2022

• Laplace Clipper

  Taking a look at this GOLang clipboard stealer

  Nov 27, 2022

• PowerShell Loading Shellcode

  Taking a look at this loader which is probably metasploit lol

  Nov 24, 2022

• Tofsee

  Taking a look at Tofsee

  Nov 20, 2022