Contents
_LDR_DATA_TABLE_ENTRY
Rhadamanthys • Jan 19, 2023
_LIST_ENTRY
Rhadamanthys • Jan 19, 2023
agenttesla
AgentTesla • Nov 17, 2022
alphagolang
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
amadey
Amadey Loader • Nov 13, 2022
Triage Amadey Loader • May 29, 2022
angr
Emotet Deobfuscation Generic Solution • Apr 20, 2022
Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022
Emotet Deobfuscation • Apr 6, 2022
Angr Control Flow Deobfuscation • Mar 26, 2022
anti-debug
Guloader • Dec 16, 2022
APT
Hermetic Wizard Malware • Mar 10, 2022
Hermetic Wiper Malware • Feb 27, 2022
automation
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
bitrat
BitRat Exposed • Oct 20, 2022
blackcat
BlackCat Ransomware • Mar 16, 2022
blackmatter
BlackMatter Ransomware Version 3 • Oct 30, 2021
BlackMatter Ransomware • Oct 28, 2021
botnet
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
boymoderre
Brute Ratel • Dec 11, 2022
brute ratel
Brute Ratel • Dec 11, 2022
bumblebee
Bumblebee Loader • May 12, 2022
clipboard
Clipboard Hijacker Detection • Sep 18, 2022
cobaltstrike
Cobalt Strike Analysis • Jun 9, 2022
config
Rhadamanthys • Jan 19, 2023
Guloader • Dec 16, 2022
Tofsee • Nov 20, 2022
Amadey Loader • Nov 13, 2022
BitRat Exposed • Oct 20, 2022
Icarus Stealer - What is it? • Oct 9, 2022
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
PrivateLoader Triage • Sep 8, 2022
DbatLoader Triage • Sep 4, 2022
SmokeLoader Triage • Aug 25, 2022
Cobalt Strike Analysis • Jun 9, 2022
Triage Amadey Loader • May 29, 2022
Emotet x64 Stack Strings Config Emulation • May 19, 2022
Jupyter Infostealer • Jan 30, 2022
Qakbot / Qbot • Dec 22, 2021
Dridex (DoppelDridex) Loader • Nov 30, 2021
Emotet Config Extractor • Nov 18, 2021
BlackMatter Ransomware Version 3 • Oct 30, 2021
BlackMatter Ransomware • Oct 28, 2021
Darkside Ransomware • Oct 8, 2021
SquirrelWaffel Config Extraction • Sep 27, 2021
WarZone RAT • May 31, 2021
conti
Conti Ransomware V2 Source Code Leak • Mar 3, 2022
cpp
Tofsee • Nov 20, 2022
Amadey Loader • Nov 13, 2022
C++ STL Types • Nov 6, 2022
BitRat Exposed • Oct 20, 2022
darkside
Darkside Ransomware • Oct 8, 2021
dbatloader
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
DbatLoader Triage • Sep 4, 2022
debugging
Guloader • Dec 16, 2022
delphi
DbatLoader Triage • Sep 4, 2022
deobfuscation
Emotet Deobfuscation Generic Solution • Apr 20, 2022
Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022
Emotet Deobfuscation • Apr 6, 2022
Angr Control Flow Deobfuscation • Mar 26, 2022
detection_engineering
Malware Downloader Triage Notes • Jun 12, 2022
diceloader
Diceloader Triage Notes • Jun 16, 2022
dnlib
Dot NET Static Analysis With Python • Jul 14, 2021
doppeldridex
Dridex (DoppelDridex) Loader • Nov 30, 2021
Dot NET
Jupyter Infostealer • Jan 30, 2022
Dot NET Static Analysis With Python • Jul 14, 2021
dotnet
AgentTesla • Nov 17, 2022
Icarus Stealer - What is it? • Oct 9, 2022
downloader
Diceloader Triage Notes • Jun 16, 2022
Malware Downloader Triage Notes • Jun 12, 2022
Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022
dridex
Dridex (DoppelDridex) Loader • Nov 30, 2021
dumpulator
Dumpulator VEH • Jan 15, 2023
Matanbuchus Triage Notes • Jun 19, 2022
Cobalt Strike Analysis • Jun 9, 2022
Emotet x64 Stack Strings Config Emulation • May 19, 2022
Pandora Ransomware • Mar 19, 2022
BlackCat Ransomware • Mar 16, 2022
emotet
Emotet x64 Stack Strings Config Emulation • May 19, 2022
Emotet 64-bit • Apr 30, 2022
Emotet Deobfuscation Generic Solution • Apr 20, 2022
Emotet Deobfuscation • Apr 6, 2022
Emotet Config Extractor • Nov 18, 2021
emulation
Dumpulator VEH • Jan 15, 2023
Guloader • Dec 16, 2022
Matanbuchus Triage Notes • Jun 19, 2022
Cobalt Strike Analysis • Jun 9, 2022
Emotet x64 Stack Strings Config Emulation • May 19, 2022
Pandora Ransomware • Mar 19, 2022
BlackCat Ransomware • Mar 16, 2022
entropy
Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022
exceptions
Dumpulator VEH • Jan 15, 2023
gh0st
Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022
ghost rat
Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022
golang
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
goresym
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
gozi
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
guloader
Dumpulator VEH • Jan 15, 2023
Guloader • Dec 16, 2022
hackingteam
HackingTeam Soldier Implant • Jan 27, 2022
hermetic
Hermetic Wizard Malware • Mar 10, 2022
Hermetic Wiper Malware • Feb 27, 2022
hermetic wiper
Hermetic Wiper Malware • Feb 27, 2022
hermetic wizard
Hermetic Wizard Malware • Mar 10, 2022
hijacker
Clipboard Hijacker Detection • Sep 18, 2022
icarus
Icarus Stealer - What is it? • Oct 9, 2022
IDA
Rhadamanthys • Jan 19, 2023
ida
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
isfb
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
jupyter
Jupyter Infostealer • Jan 30, 2022
laplace
Laplace Clipper • Nov 27, 2022
loader
Amadey Loader • Nov 13, 2022
PrivateLoader Triage • Sep 8, 2022
DbatLoader Triage • Sep 4, 2022
SmokeLoader Triage • Aug 25, 2022
Matanbuchus Triage Notes • Jun 19, 2022
Triage Amadey Loader • May 29, 2022
Bumblebee Loader • May 12, 2022
Lockbit
Lockbit 3.0 Ransomware Triage • Jul 7, 2022
lockbit3
Lockbit 3.0 Ransomware Triage • Jul 7, 2022
Magniber
Magniber Ransomware Triage • May 6, 2022
Syscall Reversing • May 3, 2022
malware
Triage Amadey Loader • May 29, 2022
Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022
Emotet x64 Stack Strings Config Emulation • May 19, 2022
Bumblebee Loader • May 12, 2022
Magniber Ransomware Triage • May 6, 2022
Syscall Reversing • May 3, 2022
Emotet 64-bit • Apr 30, 2022
Emotet Deobfuscation • Apr 6, 2022
Pandora Ransomware • Mar 19, 2022
BlackCat Ransomware • Mar 16, 2022
Hermetic Wizard Malware • Mar 10, 2022
Conti Ransomware V2 Source Code Leak • Mar 3, 2022
Hermetic Wiper Malware • Feb 27, 2022
Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022
Jupyter Infostealer • Jan 30, 2022
HackingTeam Soldier Implant • Jan 27, 2022
WhisperGate Malware • Jan 20, 2022
Night Sky Ransomware • Jan 6, 2022
Qakbot / Qbot • Dec 22, 2021
Dridex (DoppelDridex) Loader • Nov 30, 2021
Emotet Config Extractor • Nov 18, 2021
BlackMatter Ransomware Version 3 • Oct 30, 2021
BlackMatter Ransomware • Oct 28, 2021
Darkside Ransomware • Oct 8, 2021
SquirrelWaffel Config Extraction • Sep 27, 2021
WarZone RAT • May 31, 2021
Matanbuchus
Matanbuchus Triage Notes • Jun 19, 2022
night sky
Night Sky Ransomware • Jan 6, 2022
noobsnight
PowerShell Loading Shellcode • Nov 24, 2022
pandora
Pandora Ransomware • Mar 19, 2022
PEB
Rhadamanthys • Jan 19, 2023
polyglot
Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022
powershell
PowerShell Loading Shellcode • Nov 24, 2022
privateloader
PrivateLoader Triage • Sep 8, 2022
python
Brute Ratel • Dec 11, 2022
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
AgentTesla • Nov 17, 2022
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
BlackCat Ransomware • Mar 16, 2022
Reversing Tips With Python3 • Jul 26, 2021
Dot NET Static Analysis With Python • Jul 14, 2021
Python3 Tips and Sample Code • Jun 27, 2021
python3
Reversing Tips With Python3 • Jul 26, 2021
Python3 Tips and Sample Code • Jun 27, 2021
qakbot
Qakbot / Qbot • Dec 22, 2021
qbot
Qakbot / Qbot • Dec 22, 2021
ransomware
Lockbit 3.0 Ransomware Triage • Jul 7, 2022
Magniber Ransomware Triage • May 6, 2022
Syscall Reversing • May 3, 2022
Pandora Ransomware • Mar 19, 2022
BlackCat Ransomware • Mar 16, 2022
Conti Ransomware V2 Source Code Leak • Mar 3, 2022
Night Sky Ransomware • Jan 6, 2022
BlackMatter Ransomware Version 3 • Oct 30, 2021
BlackMatter Ransomware • Oct 28, 2021
Darkside Ransomware • Oct 8, 2021
rat
Brute Ratel • Dec 11, 2022
BitRat Exposed • Oct 20, 2022
redteam
Brute Ratel • Dec 11, 2022
research
Brute Ratel • Dec 11, 2022
Titan Stealer • Dec 1, 2022
Laplace Clipper • Nov 27, 2022
AgentTesla • Nov 17, 2022
Malware Downloader Triage Notes • Jun 12, 2022
Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022
Magniber Ransomware Triage • May 6, 2022
Syscall Reversing • May 3, 2022
Emotet Deobfuscation Generic Solution • Apr 20, 2022
Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022
Emotet Deobfuscation • Apr 6, 2022
Angr Control Flow Deobfuscation • Mar 26, 2022
Reversing Tips With Python3 • Jul 26, 2021
Dot NET Static Analysis With Python • Jul 14, 2021
Python3 Tips and Sample Code • Jun 27, 2021
rhadamanthys
Rhadamanthys • Jan 19, 2023
rm3
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
shellcode
PowerShell Loading Shellcode • Nov 24, 2022
shifted pointers
Rhadamanthys • Jan 19, 2023
smoke
SmokeLoader Triage • Aug 25, 2022
smokeloader
SmokeLoader Triage • Aug 25, 2022
solarmarker
Jupyter Infostealer • Jan 30, 2022
soldier
HackingTeam Soldier Implant • Jan 27, 2022
source
Conti Ransomware V2 Source Code Leak • Mar 3, 2022
spreader
Hermetic Wizard Malware • Mar 10, 2022
squirrelwaffel
SquirrelWaffel Config Extraction • Sep 27, 2021
static analysis
Dot NET Static Analysis With Python • Jul 14, 2021
stealer
Titan Stealer • Dec 1, 2022
stl
Amadey Loader • Nov 13, 2022
C++ STL Types • Nov 6, 2022
stormkitty
Dot NET Static Analysis With Python • Jul 14, 2021
symbolic execution
Emotet Deobfuscation Generic Solution • Apr 20, 2022
Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022
Emotet Deobfuscation • Apr 6, 2022
Angr Control Flow Deobfuscation • Mar 26, 2022
syscalls
Magniber Ransomware Triage • May 6, 2022
Syscall Reversing • May 3, 2022
threatintel
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
tips
Reversing Tips With Python3 • Jul 26, 2021
Python3 Tips and Sample Code • Jun 27, 2021
titan
Titan Stealer • Dec 1, 2022
tofsee
Tofsee • Nov 20, 2022
C++ STL Types • Nov 6, 2022
tracker
Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022
triage
Clipboard Hijacker Detection • Sep 18, 2022
PrivateLoader Triage • Sep 8, 2022
DbatLoader Triage • Sep 4, 2022
SmokeLoader Triage • Aug 25, 2022
Lockbit 3.0 Ransomware Triage • Jul 7, 2022
Matanbuchus Triage Notes • Jun 19, 2022
Diceloader Triage Notes • Jun 16, 2022
Malware Downloader Triage Notes • Jun 12, 2022
Triage Amadey Loader • May 29, 2022
types
C++ STL Types • Nov 6, 2022
unicorn
Guloader • Dec 16, 2022
unpacking
Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022
Bumblebee Loader • May 12, 2022
Pandora Ransomware • Mar 19, 2022
HackingTeam Soldier Implant • Jan 27, 2022
veh
Dumpulator VEH • Jan 15, 2023
vmprotect
HackingTeam Soldier Implant • Jan 27, 2022
Night Sky Ransomware • Jan 6, 2022
warzone
WarZone RAT • May 31, 2021
whispergate
WhisperGate Malware • Jan 20, 2022
wiper
Hermetic Wiper Malware • Feb 27, 2022
yara
Icarus Stealer - What is it? • Oct 9, 2022
ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022
Clipboard Hijacker Detection • Sep 18, 2022
SmokeLoader Triage • Aug 25, 2022
Lockbit 3.0 Ransomware Triage • Jul 7, 2022
Matanbuchus Triage Notes • Jun 19, 2022
Diceloader Triage Notes • Jun 16, 2022
Malware Downloader Triage Notes • Jun 12, 2022