Contents

• 3cx
• _LDR_DATA_TABLE_ENTRY
• _LIST_ENTRY
• advobfuscator
• AgentTesla
• agenttesla
• alphagolang
• amadey
• AMSI
• analysis
• angr
• anti-debug
• anti-detection
• apt
• APT
• ares
• aresloader
• asyncrat
• attack crypter
• autoit
• automation
• avkiller
• Bandit
• bitrat
• blackcat
• blackmatter
• bokbot
• bot
• botnet
• boymoderre
• brute ratel
• bumblebee
• cff
• Chaos
• clipboard
• cobaltstrike
• config
• conti
• core
• cosmu
• cpp
• creal
• creal-stealer
• credflusher
• cryptbot
• cryptnet
• crypto
• danabot
• darkside
• dbatloader
• debugging
• decryption
• delivery
• delphi
• deobfuscation
• detection_engineering
• DGA
• diceloader
• dnlib
• doppeldridex
• Dot NET
• dotnet
• downloader
• dridex
• dumpulator
• elf
• Emmenhtal
• emotet
• emulation
• emulator
• encryption
• entropy
• exceptions
• fileinfector
• garble
• gcleaner
• gh0st
• ghost rat
• github
• Glubteba
• go
• golang
• goresym
• gozi
• guloader
• hackingteam
• hancitor
• healer
• hermetic
• hermetic wiper
• hermetic wizard
• hijacker
• hvnc
• icarus
• icedid
• ida
• IDA
• in2al5dp3in4er
• intel
• invalid printer
• isfb
• jupyter
• kiosk
• laplace
• Latrodectus
• legionloader
• limerat
• live ledger
• loader
• lobshot
• Lockbit
• lockbit3
• lua
• lumma
• Magniber
• malpedia
• malware
• Matanbuchus
• memulator
• metatealer
• mystic stealer
• night sky
• noobsnight
• northkorea
• NullMixer
• obfuscation
• onenote
• open source
• opendir
• origin logger
• pandora
• PEB
• photoloader
• pikabot
• polyglot
• polygot
• powershell
• privateloader
• pyinstaller
• python
• python3
• qakbot
• qbot
• Quasar
• QvoidStealer
• ransomware
• Ransomware
• rat
• RAT
• redteam
• research
• rhadamanthys
• risepro
• rm3
• RootTeam
• rust
• sandbox
• satacom
• shellcode
• shifted pointers
• smoke
• smokeloader
• socks5systemz
• solarmarker
• soldier
• soulsearcher
• source
• sparkrat
• spreader
• squirrelwaffel
• static analysis
• status recorder
• stealc
• stealer
• stl
• stormkitty
• strelastealer
• string decryption
• strings
• symbolic execution
• syscalls
• themida
• threatintel
• tips
• titan
• tofsee
• tooling
• tracker
• triage
• truebot
• TrustedInstaller
• tutorial
• types
• unicorn
• unpacking
• vbs
• veh
• vm
• vmprotect
• vmzues
• wallet
• warzone
• whispergate
• wiper
• worm
• wsf
• x64dbg
• xorstr
• xorstringsnet
• yara
• zeus
• zharkbot

3cx

3CX Supply Chain Attack • Mar 30, 2023

_LDR_DATA_TABLE_ENTRY

Rhadamanthys • Jan 19, 2023

_LIST_ENTRY

Rhadamanthys • Jan 19, 2023

advobfuscator

Extended ADVObfuscator • Oct 15, 2023

ADVObfuscator • Oct 8, 2023

AgentTesla

XORStringsNet • Apr 16, 2023

agenttesla

Origin Logger • Oct 22, 2023

AgentTesla • Nov 17, 2022

alphagolang

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

amadey

AutoIt Credential Flusher • Sep 11, 2024

Amadey Loader • Nov 13, 2022

Triage Amadey Loader • May 29, 2022

AMSI

AMSI Bypass In The Wild • May 28, 2023

analysis

in2al5dp3in4er Loader • Apr 23, 2023

angr

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

anti-debug

Guloader • Dec 16, 2022

anti-detection

AMSI Bypass In The Wild • May 28, 2023

apt

3CX Supply Chain Attack • Mar 30, 2023

APT

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

ares

AresLoader • Apr 2, 2023

aresloader

AresLoader • Apr 2, 2023

asyncrat

AMSI Bypass In The Wild • May 28, 2023

attack crypter

Attack Crypter • Aug 27, 2023

autoit

AutoIt Credential Flusher • Sep 11, 2024

automation

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

avkiller

Healer AVKiller • Mar 15, 2023

Bandit

Bandit Stealer Garbled • Jul 31, 2023

bitrat

BitRat Exposed • Oct 20, 2022

blackcat

BlackCat Ransomware • Mar 16, 2022

blackmatter

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

bokbot

PhotoLoader ICEDID • Apr 6, 2023

bot

Lobshot • Jul 16, 2023

botnet

CryptBot • Mar 16, 2023

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

boymoderre

Brute Ratel • Dec 11, 2022

brute ratel

Brute Ratel • Dec 11, 2022

bumblebee

Bumblebee Loader • May 12, 2022

cff

Lumma Stealer Obfuscation • Apr 7, 2024

Chaos

Quasar Chaos • Apr 13, 2023

clipboard

Clipboard Hijacker Detection • Sep 18, 2022

cobaltstrike

Cobalt Strike Analysis • Jun 9, 2022

config

Latrodectus • Sep 30, 2024

SparkRAT • Oct 29, 2023

Origin Logger • Oct 22, 2023

LimeRAT • Aug 17, 2023

Truebot • Jul 13, 2023

Status Recorder • Jul 6, 2023

RisePro Triage • Jun 15, 2023

PhotoLoader ICEDID • Apr 6, 2023

CryptBot • Mar 16, 2023

PikaBot • Feb 26, 2023

Rhadamanthys • Jan 19, 2023

Guloader • Dec 16, 2022

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

BitRat Exposed • Oct 20, 2022

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Cobalt Strike Analysis • Jun 9, 2022

Triage Amadey Loader • May 29, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Jupyter Infostealer • Jan 30, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

Hancitor • Oct 4, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

conti

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

core

DanaBot Core • Dec 17, 2023

cosmu

COSMU File Infector • Apr 28, 2024

cpp

Mystic Stealer • Oct 1, 2023

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

BitRat Exposed • Oct 20, 2022

creal

Python Malware Triage - Creal Stealer • May 12, 2024

creal-stealer

Python Malware Triage - Creal Stealer • May 12, 2024

credflusher

AutoIt Credential Flusher • Sep 11, 2024

cryptbot

CryptBot • Mar 16, 2023

cryptnet

CryptNET Ransomware • Apr 20, 2023

crypto

Ledger Live Crypto Wallet Attack • Nov 5, 2023

danabot

DanaBot Core • Dec 17, 2023

DanaBot Triage • Dec 4, 2023

darkside

Darkside Ransomware • Oct 8, 2021

dbatloader

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

DbatLoader Triage • Sep 4, 2022

debugging

New Gcleaner • Mar 17, 2024

PikaBot Is Back With a Vengeance - Part 2 • Nov 19, 2023

PikaBot Is Back With a Vengeance • Nov 12, 2023

Guloader • Dec 16, 2022

decryption

XORSTR Generic String Decryption • Jun 25, 2023

delivery

Triage Malware Delivery Chain • Jul 2, 2023

delphi

DanaBot Core • Dec 17, 2023

DanaBot Triage • Dec 4, 2023

DbatLoader Triage • Sep 4, 2022

deobfuscation

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

detection_engineering

Malware Downloader Triage Notes • Jun 12, 2022

DGA

Metastealer • May 11, 2023

diceloader

Diceloader Triage Notes • Jun 16, 2022

dnlib

Dot NET Static Analysis With Python • Jul 14, 2021

doppeldridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

Dot NET

Jupyter Infostealer • Jan 30, 2022

Dot NET Static Analysis With Python • Jul 14, 2021

dotnet

Ledger Live Crypto Wallet Attack • Nov 5, 2023

Origin Logger • Oct 22, 2023

Attack Crypter • Aug 27, 2023

LimeRAT • Aug 17, 2023

Triage Malware Delivery Chain • Jul 2, 2023

CryptNET Ransomware • Apr 20, 2023

XORStringsNet • Apr 16, 2023

Healer AVKiller • Mar 15, 2023

QvoidStealer • Mar 12, 2023

AgentTesla • Nov 17, 2022

Icarus Stealer - What is it? • Oct 9, 2022

downloader

Attack Crypter • Aug 27, 2023

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

dridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

dumpulator

Dumpulator VEH • Jan 15, 2023

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

elf

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

Emmenhtal

Emmenhtal • Sep 16, 2024

emotet

OneNote WSF Malware (Emotet) • Mar 19, 2023

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Emotet Deobfuscation • Apr 6, 2022

Emotet Config Extractor • Nov 18, 2021

emulation

Latrodectus • Sep 30, 2024

PikaBot Is Back With a Vengeance - Part 2 • Nov 19, 2023

Go Stack Strings • Sep 3, 2023

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

emulator

Emulating Themida • Jul 12, 2024

encryption

New Gcleaner • Mar 17, 2024

entropy

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

exceptions

Dumpulator VEH • Jan 15, 2023

fileinfector

COSMU File Infector • Apr 28, 2024

garble

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

gcleaner

New Gcleaner • Mar 17, 2024

gh0st

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

ghost rat

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

github

GitHub Bug Used to Infect Game Hackers With Lua Malware • Mar 3, 2024

Glubteba

Glubteba • Jul 24, 2023

go

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

golang

SparkRAT • Oct 29, 2023

Go Stack Strings • Sep 3, 2023

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

goresym

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

gozi

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

guloader

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

hackingteam

HackingTeam Soldier Implant • Jan 27, 2022

hancitor

Hancitor • Oct 4, 2021

healer

Healer AVKiller • Mar 15, 2023

hermetic

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

hermetic wiper

Hermetic Wiper Malware • Feb 27, 2022

hermetic wizard

Hermetic Wizard Malware • Mar 10, 2022

hijacker

Clipboard Hijacker Detection • Sep 18, 2022

hvnc

Lobshot • Jul 16, 2023

icarus

Icarus Stealer - What is it? • Oct 9, 2022

icedid

PhotoLoader ICEDID • Apr 6, 2023

ida

Lumma Stealer Obfuscation • Apr 7, 2024

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

IDA

Rhadamanthys • Jan 19, 2023

in2al5dp3in4er

in2al5dp3in4er Loader • Apr 23, 2023

intel

SoulSearcher Worm • Feb 16, 2023

invalid printer

in2al5dp3in4er Loader • Apr 23, 2023

isfb

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

jupyter

Jupyter Infostealer • Jan 30, 2022

kiosk

AutoIt Credential Flusher • Sep 11, 2024

laplace

Laplace Clipper • Nov 27, 2022

Latrodectus

Latrodectus • Sep 30, 2024

legionloader

Satacom (LegionLoader) • Apr 30, 2023

limerat

LimeRAT • Aug 17, 2023

live ledger

Ledger Live Crypto Wallet Attack • Nov 5, 2023

loader

Emmenhtal • Sep 16, 2024

New Gcleaner • Mar 17, 2024

DanaBot Triage • Dec 4, 2023

Glubteba • Jul 24, 2023

Satacom (LegionLoader) • Apr 30, 2023

in2al5dp3in4er Loader • Apr 23, 2023

AresLoader • Apr 2, 2023

PikaBot • Feb 26, 2023

Amadey Loader • Nov 13, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Triage Amadey Loader • May 29, 2022

Bumblebee Loader • May 12, 2022

lobshot

Lobshot • Jul 16, 2023

Lockbit

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

lockbit3

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

lua

GitHub Bug Used to Infect Game Hackers With Lua Malware • Mar 3, 2024

lumma

Lumma Stealer Obfuscation • Apr 7, 2024

Magniber

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

malpedia

SoulSearcher Worm • Feb 16, 2023

malware

Triage Amadey Loader • May 29, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Bumblebee Loader • May 12, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation • Apr 6, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Hermetic Wizard Malware • Mar 10, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Hermetic Wiper Malware • Feb 27, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

Jupyter Infostealer • Jan 30, 2022

HackingTeam Soldier Implant • Jan 27, 2022

WhisperGate Malware • Jan 20, 2022

Night Sky Ransomware • Jan 6, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

Hancitor • Oct 4, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

Matanbuchus

Matanbuchus Triage Notes • Jun 19, 2022

memulator

PikaBot Is Back With a Vengeance - Part 2 • Nov 19, 2023

metatealer

Metastealer • May 11, 2023

mystic stealer

Mystic Stealer • Oct 1, 2023

night sky

Night Sky Ransomware • Jan 6, 2022

noobsnight

PowerShell Loading Shellcode • Nov 24, 2022

northkorea

3CX Supply Chain Attack • Mar 30, 2023

NullMixer

Satacom (LegionLoader) • Apr 30, 2023

obfuscation

Lumma Stealer Obfuscation • Apr 7, 2024

VM Reverse Engineering Part 2 - Disassembly • Jan 21, 2024

Introduction To VM Protection - VMZeus • Jan 7, 2024

Extended ADVObfuscator • Oct 15, 2023

ADVObfuscator • Oct 8, 2023

Mystic Stealer • Oct 1, 2023

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

Metastealer • May 11, 2023

onenote

OneNote WSF Malware (Emotet) • Mar 19, 2023

open source

Attack Crypter • Aug 27, 2023

opendir

New Gcleaner • Mar 17, 2024

origin logger

Origin Logger • Oct 22, 2023

pandora

Pandora Ransomware • Mar 19, 2022

PEB

Rhadamanthys • Jan 19, 2023

photoloader

PhotoLoader ICEDID • Apr 6, 2023

pikabot

PikaBot Is Back With a Vengeance - Part 2 • Nov 19, 2023

PikaBot Is Back With a Vengeance • Nov 12, 2023

PikaBot • Feb 26, 2023

polyglot

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

polygot

Emmenhtal • Sep 16, 2024

powershell

Triage Malware Delivery Chain • Jul 2, 2023

PowerShell Loading Shellcode • Nov 24, 2022

privateloader

PrivateLoader Triage • Sep 8, 2022

pyinstaller

Python Malware Triage - Creal Stealer • May 12, 2024

python

Python Hunting • Aug 26, 2024

Python Malware Triage - Creal Stealer • May 12, 2024

Extended ADVObfuscator • Oct 15, 2023

ADVObfuscator • Oct 8, 2023

XORSTR Generic String Decryption • Jun 25, 2023

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

BlackCat Ransomware • Mar 16, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

python3

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

qakbot

Qakbot / Qbot • Dec 22, 2021

qbot

Qakbot / Qbot • Dec 22, 2021

Quasar

Quasar Chaos • Apr 13, 2023

QvoidStealer

QvoidStealer • Mar 12, 2023

ransomware

CryptNET Ransomware • Apr 20, 2023

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Night Sky Ransomware • Jan 6, 2022

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

Ransomware

Quasar Chaos • Apr 13, 2023

rat

SparkRAT • Oct 29, 2023

LimeRAT • Aug 17, 2023

Brute Ratel • Dec 11, 2022

BitRat Exposed • Oct 20, 2022

RAT

Quasar Chaos • Apr 13, 2023

redteam

Brute Ratel • Dec 11, 2022

research

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

rhadamanthys

Rhadamanthys • Jan 19, 2023

risepro

RisePro Triage • Jun 15, 2023

rm3

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

RootTeam

RootTeam • Jul 20, 2023

rust

Zharkbot In A RUST Shell • Jul 7, 2024

sandbox

in2al5dp3in4er Loader • Apr 23, 2023

satacom

Satacom (LegionLoader) • Apr 30, 2023

shellcode

PowerShell Loading Shellcode • Nov 24, 2022

shifted pointers

Rhadamanthys • Jan 19, 2023

smoke

SmokeLoader Triage • Aug 25, 2022

smokeloader

SmokeLoader Triage • Aug 25, 2022

socks5systemz

Emulating Themida • Jul 12, 2024

solarmarker

Jupyter Infostealer • Jan 30, 2022

soldier

HackingTeam Soldier Implant • Jan 27, 2022

soulsearcher

SoulSearcher Worm • Feb 16, 2023

source

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

sparkrat

SparkRAT • Oct 29, 2023

spreader

Hermetic Wizard Malware • Mar 10, 2022

squirrelwaffel

SquirrelWaffel Config Extraction • Sep 27, 2021

static analysis

Dot NET Static Analysis With Python • Jul 14, 2021

status recorder

Status Recorder • Jul 6, 2023

stealc

AutoIt Credential Flusher • Sep 11, 2024

stealer

AutoIt Credential Flusher • Sep 11, 2024

Ledger Live Crypto Wallet Attack • Nov 5, 2023

Mystic Stealer • Oct 1, 2023

Bandit Stealer Garbled • Jul 31, 2023

RootTeam • Jul 20, 2023

Status Recorder • Jul 6, 2023

RisePro Triage • Jun 15, 2023

Metastealer • May 11, 2023

StrelaStealer • May 7, 2023

QvoidStealer • Mar 12, 2023

Titan Stealer • Dec 1, 2022

stl

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

stormkitty

Dot NET Static Analysis With Python • Jul 14, 2021

strelastealer

StrelaStealer • May 7, 2023

string decryption

PikaBot Is Back With a Vengeance - Part 2 • Nov 19, 2023

PikaBot Is Back With a Vengeance • Nov 12, 2023

Go Stack Strings • Sep 3, 2023

strings

Extended ADVObfuscator • Oct 15, 2023

ADVObfuscator • Oct 8, 2023

Golang Garble String Decryption • Aug 3, 2023

symbolic execution

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

syscalls

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

themida

Emulating Themida • Jul 12, 2024

threatintel

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

tips

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

titan

Titan Stealer • Dec 1, 2022

tofsee

Tofsee • Nov 20, 2022

tooling

Extended ADVObfuscator • Oct 15, 2023

ADVObfuscator • Oct 8, 2023

C++ STL Types • Nov 6, 2022

tracker

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

triage

Zharkbot Strings • Sep 2, 2024

Python Hunting • Aug 26, 2024

Zharkbot In A RUST Shell • Jul 7, 2024

Python Malware Triage - Creal Stealer • May 12, 2024

Glubteba • Jul 24, 2023

RootTeam • Jul 20, 2023

Lobshot • Jul 16, 2023

Truebot • Jul 13, 2023

Status Recorder • Jul 6, 2023

Triage Malware Delivery Chain • Jul 2, 2023

RisePro Triage • Jun 15, 2023

3CX Supply Chain Attack • Mar 30, 2023

OneNote WSF Malware (Emotet) • Mar 19, 2023

Clipboard Hijacker Detection • Sep 18, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Triage Amadey Loader • May 29, 2022

truebot

Truebot • Jul 13, 2023

TrustedInstaller

Healer AVKiller • Mar 15, 2023

tutorial

VM Reverse Engineering Part 2 - Disassembly • Jan 21, 2024

Introduction To VM Protection - VMZeus • Jan 7, 2024

Yara Megaprimer • Feb 9, 2023

types

C++ STL Types • Nov 6, 2022

unicorn

Emulating Themida • Jul 12, 2024

Guloader • Dec 16, 2022

unpacking

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Bumblebee Loader • May 12, 2022

Pandora Ransomware • Mar 19, 2022

HackingTeam Soldier Implant • Jan 27, 2022

vbs

Triage Malware Delivery Chain • Jul 2, 2023

veh

Dumpulator VEH • Jan 15, 2023

vm

VM Reverse Engineering Part 2 - Disassembly • Jan 21, 2024

Introduction To VM Protection - VMZeus • Jan 7, 2024

vmprotect

HackingTeam Soldier Implant • Jan 27, 2022

Night Sky Ransomware • Jan 6, 2022

vmzues

VM Reverse Engineering Part 2 - Disassembly • Jan 21, 2024

Introduction To VM Protection - VMZeus • Jan 7, 2024

wallet

Ledger Live Crypto Wallet Attack • Nov 5, 2023

warzone

WarZone RAT • May 31, 2021

whispergate

WhisperGate Malware • Jan 20, 2022

wiper

Hermetic Wiper Malware • Feb 27, 2022

worm

SoulSearcher Worm • Feb 16, 2023

wsf

OneNote WSF Malware (Emotet) • Mar 19, 2023

x64dbg

Zharkbot Strings • Sep 2, 2024

Python Hunting • Aug 26, 2024

xorstr

XORSTR Generic String Decryption • Jun 25, 2023

xorstringsnet

XORStringsNet • Apr 16, 2023

yara

CryptBot • Mar 16, 2023

QvoidStealer • Mar 12, 2023

PikaBot • Feb 26, 2023

SoulSearcher Worm • Feb 16, 2023

Yara Megaprimer • Feb 9, 2023

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

Clipboard Hijacker Detection • Sep 18, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

zeus

VM Reverse Engineering Part 2 - Disassembly • Jan 21, 2024

Introduction To VM Protection - VMZeus • Jan 7, 2024

zharkbot

Zharkbot Strings • Sep 2, 2024

Zharkbot In A RUST Shell • Jul 7, 2024