Contents

• amadey
• angr
• APT
• blackcat
• blackmatter
• bumblebee
• clipboard
• cobaltstrike
• config
• conti
• darkside
• dbatloader
• delphi
• deobfuscation
• detection_engineering
• diceloader
• dnlib
• doppeldridex
• Dot NET
• downloader
• dridex
• dumpulator
• emotet
• emulation
• entropy
• gh0st
• ghost rat
• hackingteam
• hermetic
• hermetic wiper
• hermetic wizard
• hijacker
• jupyter
• loader
• Lockbit
• lockbit3
• Magniber
• malware
• Matanbuchus
• night sky
• pandora
• polyglot
• privateloader
• python
• python3
• qakbot
• qbot
• ransomware
• research
• smoke
• smokeloader
• solarmarker
• soldier
• source
• spreader
• squirrelwaffel
• static analysis
• stormkitty
• symbolic execution
• syscalls
• tips
• triage
• unpacking
• vmprotect
• warzone
• whispergate
• wiper
• yara

amadey

Triage Amadey Loader • May 29, 2022

angr

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

APT

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

blackcat

BlackCat Ransomware • Mar 16, 2022

blackmatter

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

bumblebee

Bumblebee Loader • May 12, 2022

clipboard

Clipboard Hijacker Detection • Sep 18, 2022

cobaltstrike

Cobalt Strike Analysis • Jun 9, 2022

config

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Cobalt Strike Analysis • Jun 9, 2022

Triage Amadey Loader • May 29, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Jupyter Infostealer • Jan 30, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

conti

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

darkside

Darkside Ransomware • Oct 8, 2021

dbatloader

DbatLoader Triage • Sep 4, 2022

delphi

DbatLoader Triage • Sep 4, 2022

deobfuscation

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

detection_engineering

Malware Downloader Triage Notes • Jun 12, 2022

diceloader

Diceloader Triage Notes • Jun 16, 2022

dnlib

Dot NET Static Analysis With Python • Jul 14, 2021

doppeldridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

Dot NET

Jupyter Infostealer • Jan 30, 2022

Dot NET Static Analysis With Python • Jul 14, 2021

downloader

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

dridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

dumpulator

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

emotet

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Emotet Deobfuscation • Apr 6, 2022

Emotet Config Extractor • Nov 18, 2021

emulation

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

entropy

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

gh0st

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

ghost rat

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

hackingteam

HackingTeam Soldier Implant • Jan 27, 2022

hermetic

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

hermetic wiper

Hermetic Wiper Malware • Feb 27, 2022

hermetic wizard

Hermetic Wizard Malware • Mar 10, 2022

hijacker

Clipboard Hijacker Detection • Sep 18, 2022

jupyter

Jupyter Infostealer • Jan 30, 2022

loader

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Triage Amadey Loader • May 29, 2022

Bumblebee Loader • May 12, 2022

Lockbit

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

lockbit3

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

malware

Triage Amadey Loader • May 29, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Bumblebee Loader • May 12, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation • Apr 6, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Hermetic Wizard Malware • Mar 10, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Hermetic Wiper Malware • Feb 27, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

Jupyter Infostealer • Jan 30, 2022

HackingTeam Soldier Implant • Jan 27, 2022

WhisperGate Malware • Jan 20, 2022

Night Sky Ransomware • Jan 6, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

Matanbuchus

Matanbuchus Triage Notes • Jun 19, 2022

night sky

Night Sky Ransomware • Jan 6, 2022

pandora

Pandora Ransomware • Mar 19, 2022

polyglot

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

privateloader

PrivateLoader Triage • Sep 8, 2022

python

BlackCat Ransomware • Mar 16, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

python3

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

qakbot

Qakbot / Qbot • Dec 22, 2021

qbot

Qakbot / Qbot • Dec 22, 2021

ransomware

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Night Sky Ransomware • Jan 6, 2022

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

research

Malware Downloader Triage Notes • Jun 12, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

smoke

SmokeLoader Triage • Aug 25, 2022

smokeloader

SmokeLoader Triage • Aug 25, 2022

solarmarker

Jupyter Infostealer • Jan 30, 2022

soldier

HackingTeam Soldier Implant • Jan 27, 2022

source

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

spreader

Hermetic Wizard Malware • Mar 10, 2022

squirrelwaffel

SquirrelWaffel Config Extraction • Sep 27, 2021

static analysis

Dot NET Static Analysis With Python • Jul 14, 2021

stormkitty

Dot NET Static Analysis With Python • Jul 14, 2021

symbolic execution

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

syscalls

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

tips

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

triage

Clipboard Hijacker Detection • Sep 18, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Triage Amadey Loader • May 29, 2022

unpacking

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Bumblebee Loader • May 12, 2022

Pandora Ransomware • Mar 19, 2022

HackingTeam Soldier Implant • Jan 27, 2022

vmprotect

HackingTeam Soldier Implant • Jan 27, 2022

Night Sky Ransomware • Jan 6, 2022

warzone

WarZone RAT • May 31, 2021

whispergate

WhisperGate Malware • Jan 20, 2022

wiper

Hermetic Wiper Malware • Feb 27, 2022

yara

Clipboard Hijacker Detection • Sep 18, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022