Contents

• 3cx
• _LDR_DATA_TABLE_ENTRY
• _LIST_ENTRY
• agenttesla
• AgentTesla
• alphagolang
• amadey
• AMSI
• analysis
• angr
• anti-debug
• anti-detection
• APT
• apt
• ares
• aresloader
• asyncrat
• attack crypter
• automation
• avkiller
• Bandit
• bitrat
• blackcat
• blackmatter
• bokbot
• bot
• botnet
• boymoderre
• brute ratel
• bumblebee
• Chaos
• clipboard
• cobaltstrike
• config
• conti
• cpp
• cryptbot
• cryptnet
• darkside
• dbatloader
• debugging
• decryption
• delivery
• delphi
• deobfuscation
• detection_engineering
• DGA
• diceloader
• dnlib
• doppeldridex
• Dot NET
• dotnet
• downloader
• dridex
• dumpulator
• elf
• emotet
• emulation
• entropy
• exceptions
• garble
• gh0st
• ghost rat
• Glubteba
• go
• golang
• goresym
• gozi
• guloader
• hackingteam
• hancitor
• healer
• hermetic
• hermetic wiper
• hermetic wizard
• hijacker
• hvnc
• icarus
• icedid
• ida
• IDA
• in2al5dp3in4er
• intel
• invalid printer
• isfb
• jupyter
• laplace
• legionloader
• limerat
• loader
• lobshot
• Lockbit
• lockbit3
• Magniber
• malpedia
• malware
• Matanbuchus
• metatealer
• night sky
• noobsnight
• northkorea
• NullMixer
• obfuscation
• onenote
• open source
• pandora
• PEB
• photoloader
• pikabot
• polyglot
• powershell
• privateloader
• python
• python3
• qakbot
• qbot
• Quasar
• QvoidStealer
• Ransomware
• ransomware
• RAT
• rat
• redteam
• research
• rhadamanthys
• risepro
• rm3
• RootTeam
• sandbox
• satacom
• shellcode
• shifted pointers
• smoke
• smokeloader
• solarmarker
• soldier
• soulsearcher
• source
• spreader
• squirrelwaffel
• static analysis
• status recorder
• stealer
• stl
• stormkitty
• strelastealer
• string decryption
• strings
• symbolic execution
• syscalls
• threatintel
• tips
• titan
• tofsee
• tooling
• tracker
• triage
• truebot
• TrustedInstaller
• tutorial
• types
• unicorn
• unpacking
• vbs
• veh
• vmprotect
• warzone
• whispergate
• wiper
• worm
• wsf
• xorstr
• xorstringsnet
• yara

3cx

3CX Supply Chain Attack • Mar 30, 2023

_LDR_DATA_TABLE_ENTRY

Rhadamanthys • Jan 19, 2023

_LIST_ENTRY

Rhadamanthys • Jan 19, 2023

agenttesla

AgentTesla • Nov 17, 2022

AgentTesla

XORStringsNet • Apr 16, 2023

alphagolang

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

amadey

Amadey Loader • Nov 13, 2022

Triage Amadey Loader • May 29, 2022

AMSI

AMSI Bypass In The Wild • May 28, 2023

analysis

in2al5dp3in4er Loader • Apr 23, 2023

angr

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

anti-debug

Guloader • Dec 16, 2022

anti-detection

AMSI Bypass In The Wild • May 28, 2023

APT

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

apt

3CX Supply Chain Attack • Mar 30, 2023

ares

AresLoader • Apr 2, 2023

aresloader

AresLoader • Apr 2, 2023

asyncrat

AMSI Bypass In The Wild • May 28, 2023

attack crypter

Attack Crypter • Aug 27, 2023

automation

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

avkiller

Healer AVKiller • Mar 15, 2023

Bandit

Bandit Stealer Garbled • Jul 31, 2023

bitrat

BitRat Exposed • Oct 20, 2022

blackcat

BlackCat Ransomware • Mar 16, 2022

blackmatter

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

bokbot

PhotoLoader ICEDID • Apr 6, 2023

bot

Lobshot • Jul 16, 2023

botnet

CryptBot • Mar 16, 2023

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

boymoderre

Brute Ratel • Dec 11, 2022

brute ratel

Brute Ratel • Dec 11, 2022

bumblebee

Bumblebee Loader • May 12, 2022

Chaos

Quasar Chaos • Apr 13, 2023

clipboard

Clipboard Hijacker Detection • Sep 18, 2022

cobaltstrike

Cobalt Strike Analysis • Jun 9, 2022

config

LimeRAT • Aug 17, 2023

Truebot • Jul 13, 2023

Status Recorder • Jul 6, 2023

RisePro Triage • Jun 15, 2023

PhotoLoader ICEDID • Apr 6, 2023

CryptBot • Mar 16, 2023

PikaBot • Feb 26, 2023

Rhadamanthys • Jan 19, 2023

Guloader • Dec 16, 2022

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

BitRat Exposed • Oct 20, 2022

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Cobalt Strike Analysis • Jun 9, 2022

Triage Amadey Loader • May 29, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Jupyter Infostealer • Jan 30, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

Hancitor • Oct 4, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

conti

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

cpp

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

BitRat Exposed • Oct 20, 2022

cryptbot

CryptBot • Mar 16, 2023

cryptnet

CryptNET Ransomware • Apr 20, 2023

darkside

Darkside Ransomware • Oct 8, 2021

dbatloader

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

DbatLoader Triage • Sep 4, 2022

debugging

Guloader • Dec 16, 2022

decryption

XORSTR Generic String Decryption • Jun 25, 2023

delivery

Triage Malware Delivery Chain • Jul 2, 2023

delphi

DbatLoader Triage • Sep 4, 2022

deobfuscation

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

detection_engineering

Malware Downloader Triage Notes • Jun 12, 2022

DGA

Metastealer • May 11, 2023

diceloader

Diceloader Triage Notes • Jun 16, 2022

dnlib

Dot NET Static Analysis With Python • Jul 14, 2021

doppeldridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

Dot NET

Jupyter Infostealer • Jan 30, 2022

Dot NET Static Analysis With Python • Jul 14, 2021

dotnet

Attack Crypter • Aug 27, 2023

LimeRAT • Aug 17, 2023

Triage Malware Delivery Chain • Jul 2, 2023

CryptNET Ransomware • Apr 20, 2023

XORStringsNet • Apr 16, 2023

Healer AVKiller • Mar 15, 2023

QvoidStealer • Mar 12, 2023

AgentTesla • Nov 17, 2022

Icarus Stealer - What is it? • Oct 9, 2022

downloader

Attack Crypter • Aug 27, 2023

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

dridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

dumpulator

Dumpulator VEH • Jan 15, 2023

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

elf

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

emotet

OneNote WSF Malware (Emotet) • Mar 19, 2023

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Emotet Deobfuscation • Apr 6, 2022

Emotet Config Extractor • Nov 18, 2021

emulation

Go Stack Strings • Sep 3, 2023

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

entropy

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

exceptions

Dumpulator VEH • Jan 15, 2023

garble

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

gh0st

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

ghost rat

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

Glubteba

Glubteba • Jul 24, 2023

go

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

golang

Go Stack Strings • Sep 3, 2023

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

goresym

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

gozi

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

guloader

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

hackingteam

HackingTeam Soldier Implant • Jan 27, 2022

hancitor

Hancitor • Oct 4, 2021

healer

Healer AVKiller • Mar 15, 2023

hermetic

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

hermetic wiper

Hermetic Wiper Malware • Feb 27, 2022

hermetic wizard

Hermetic Wizard Malware • Mar 10, 2022

hijacker

Clipboard Hijacker Detection • Sep 18, 2022

hvnc

Lobshot • Jul 16, 2023

icarus

Icarus Stealer - What is it? • Oct 9, 2022

icedid

PhotoLoader ICEDID • Apr 6, 2023

ida

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

IDA

Rhadamanthys • Jan 19, 2023

in2al5dp3in4er

in2al5dp3in4er Loader • Apr 23, 2023

intel

SoulSearcher Worm • Feb 16, 2023

invalid printer

in2al5dp3in4er Loader • Apr 23, 2023

isfb

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

jupyter

Jupyter Infostealer • Jan 30, 2022

laplace

Laplace Clipper • Nov 27, 2022

legionloader

Satacom (LegionLoader) • Apr 30, 2023

limerat

LimeRAT • Aug 17, 2023

loader

Glubteba • Jul 24, 2023

Satacom (LegionLoader) • Apr 30, 2023

in2al5dp3in4er Loader • Apr 23, 2023

AresLoader • Apr 2, 2023

PikaBot • Feb 26, 2023

Amadey Loader • Nov 13, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Triage Amadey Loader • May 29, 2022

Bumblebee Loader • May 12, 2022

lobshot

Lobshot • Jul 16, 2023

Lockbit

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

lockbit3

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

malpedia

SoulSearcher Worm • Feb 16, 2023

malware

Triage Amadey Loader • May 29, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Bumblebee Loader • May 12, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation • Apr 6, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Hermetic Wizard Malware • Mar 10, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Hermetic Wiper Malware • Feb 27, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

Jupyter Infostealer • Jan 30, 2022

HackingTeam Soldier Implant • Jan 27, 2022

WhisperGate Malware • Jan 20, 2022

Night Sky Ransomware • Jan 6, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

Hancitor • Oct 4, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

Matanbuchus

Matanbuchus Triage Notes • Jun 19, 2022

metatealer

Metastealer • May 11, 2023

night sky

Night Sky Ransomware • Jan 6, 2022

noobsnight

PowerShell Loading Shellcode • Nov 24, 2022

northkorea

3CX Supply Chain Attack • Mar 30, 2023

NullMixer

Satacom (LegionLoader) • Apr 30, 2023

obfuscation

Golang Garble String Decryption • Aug 3, 2023

Bandit Stealer Garbled • Jul 31, 2023

Metastealer • May 11, 2023

onenote

OneNote WSF Malware (Emotet) • Mar 19, 2023

open source

Attack Crypter • Aug 27, 2023

pandora

Pandora Ransomware • Mar 19, 2022

PEB

Rhadamanthys • Jan 19, 2023

photoloader

PhotoLoader ICEDID • Apr 6, 2023

pikabot

PikaBot • Feb 26, 2023

polyglot

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

powershell

Triage Malware Delivery Chain • Jul 2, 2023

PowerShell Loading Shellcode • Nov 24, 2022

privateloader

PrivateLoader Triage • Sep 8, 2022

python

XORSTR Generic String Decryption • Jun 25, 2023

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

BlackCat Ransomware • Mar 16, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

python3

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

qakbot

Qakbot / Qbot • Dec 22, 2021

qbot

Qakbot / Qbot • Dec 22, 2021

Quasar

Quasar Chaos • Apr 13, 2023

QvoidStealer

QvoidStealer • Mar 12, 2023

Ransomware

Quasar Chaos • Apr 13, 2023

ransomware

CryptNET Ransomware • Apr 20, 2023

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Night Sky Ransomware • Jan 6, 2022

BlackMatter Ransomware ESXi ELF Config • Nov 5, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

RAT

Quasar Chaos • Apr 13, 2023

rat

LimeRAT • Aug 17, 2023

Brute Ratel • Dec 11, 2022

BitRat Exposed • Oct 20, 2022

redteam

Brute Ratel • Dec 11, 2022

research

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

rhadamanthys

Rhadamanthys • Jan 19, 2023

risepro

RisePro Triage • Jun 15, 2023

rm3

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

RootTeam

RootTeam • Jul 20, 2023

sandbox

in2al5dp3in4er Loader • Apr 23, 2023

satacom

Satacom (LegionLoader) • Apr 30, 2023

shellcode

PowerShell Loading Shellcode • Nov 24, 2022

shifted pointers

Rhadamanthys • Jan 19, 2023

smoke

SmokeLoader Triage • Aug 25, 2022

smokeloader

SmokeLoader Triage • Aug 25, 2022

solarmarker

Jupyter Infostealer • Jan 30, 2022

soldier

HackingTeam Soldier Implant • Jan 27, 2022

soulsearcher

SoulSearcher Worm • Feb 16, 2023

source

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

spreader

Hermetic Wizard Malware • Mar 10, 2022

squirrelwaffel

SquirrelWaffel Config Extraction • Sep 27, 2021

static analysis

Dot NET Static Analysis With Python • Jul 14, 2021

status recorder

Status Recorder • Jul 6, 2023

stealer

Bandit Stealer Garbled • Jul 31, 2023

RootTeam • Jul 20, 2023

Status Recorder • Jul 6, 2023

RisePro Triage • Jun 15, 2023

Metastealer • May 11, 2023

StrelaStealer • May 7, 2023

QvoidStealer • Mar 12, 2023

Titan Stealer • Dec 1, 2022

stl

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

stormkitty

Dot NET Static Analysis With Python • Jul 14, 2021

strelastealer

StrelaStealer • May 7, 2023

string decryption

Go Stack Strings • Sep 3, 2023

strings

Golang Garble String Decryption • Aug 3, 2023

symbolic execution

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

syscalls

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

threatintel

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

tips

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

titan

Titan Stealer • Dec 1, 2022

tofsee

Tofsee • Nov 20, 2022

tooling

C++ STL Types • Nov 6, 2022

tracker

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

triage

Glubteba • Jul 24, 2023

RootTeam • Jul 20, 2023

Lobshot • Jul 16, 2023

Truebot • Jul 13, 2023

Status Recorder • Jul 6, 2023

Triage Malware Delivery Chain • Jul 2, 2023

RisePro Triage • Jun 15, 2023

3CX Supply Chain Attack • Mar 30, 2023

OneNote WSF Malware (Emotet) • Mar 19, 2023

Clipboard Hijacker Detection • Sep 18, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Triage Amadey Loader • May 29, 2022

truebot

Truebot • Jul 13, 2023

TrustedInstaller

Healer AVKiller • Mar 15, 2023

tutorial

Yara Megaprimer • Feb 9, 2023

types

C++ STL Types • Nov 6, 2022

unicorn

Guloader • Dec 16, 2022

unpacking

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Bumblebee Loader • May 12, 2022

Pandora Ransomware • Mar 19, 2022

HackingTeam Soldier Implant • Jan 27, 2022

vbs

Triage Malware Delivery Chain • Jul 2, 2023

veh

Dumpulator VEH • Jan 15, 2023

vmprotect

HackingTeam Soldier Implant • Jan 27, 2022

Night Sky Ransomware • Jan 6, 2022

warzone

WarZone RAT • May 31, 2021

whispergate

WhisperGate Malware • Jan 20, 2022

wiper

Hermetic Wiper Malware • Feb 27, 2022

worm

SoulSearcher Worm • Feb 16, 2023

wsf

OneNote WSF Malware (Emotet) • Mar 19, 2023

xorstr

XORSTR Generic String Decryption • Jun 25, 2023

xorstringsnet

XORStringsNet • Apr 16, 2023

yara

CryptBot • Mar 16, 2023

QvoidStealer • Mar 12, 2023

PikaBot • Feb 26, 2023

SoulSearcher Worm • Feb 16, 2023

Yara Megaprimer • Feb 9, 2023

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

Clipboard Hijacker Detection • Sep 18, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022