Contents

• _LDR_DATA_TABLE_ENTRY
• _LIST_ENTRY
• agenttesla
• alphagolang
• amadey
• angr
• anti-debug
• APT
• automation
• bitrat
• blackcat
• blackmatter
• botnet
• boymoderre
• brute ratel
• bumblebee
• clipboard
• cobaltstrike
• config
• conti
• cpp
• darkside
• dbatloader
• debugging
• delphi
• deobfuscation
• detection_engineering
• diceloader
• dnlib
• doppeldridex
• Dot NET
• dotnet
• downloader
• dridex
• dumpulator
• emotet
• emulation
• entropy
• exceptions
• gh0st
• ghost rat
• golang
• goresym
• gozi
• guloader
• hackingteam
• hermetic
• hermetic wiper
• hermetic wizard
• hijacker
• icarus
• IDA
• ida
• isfb
• jupyter
• laplace
• loader
• Lockbit
• lockbit3
• Magniber
• malware
• Matanbuchus
• night sky
• noobsnight
• pandora
• PEB
• polyglot
• powershell
• privateloader
• python
• python3
• qakbot
• qbot
• ransomware
• rat
• redteam
• research
• rhadamanthys
• rm3
• shellcode
• shifted pointers
• smoke
• smokeloader
• solarmarker
• soldier
• source
• spreader
• squirrelwaffel
• static analysis
• stealer
• stl
• stormkitty
• symbolic execution
• syscalls
• threatintel
• tips
• titan
• tofsee
• tooling
• tracker
• triage
• types
• unicorn
• unpacking
• veh
• vmprotect
• warzone
• whispergate
• wiper
• yara

_LDR_DATA_TABLE_ENTRY

Rhadamanthys • Jan 19, 2023

_LIST_ENTRY

Rhadamanthys • Jan 19, 2023

agenttesla

AgentTesla • Nov 17, 2022

alphagolang

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

amadey

Amadey Loader • Nov 13, 2022

Triage Amadey Loader • May 29, 2022

angr

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

anti-debug

Guloader • Dec 16, 2022

APT

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

automation

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

bitrat

BitRat Exposed • Oct 20, 2022

blackcat

BlackCat Ransomware • Mar 16, 2022

blackmatter

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

botnet

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

boymoderre

Brute Ratel • Dec 11, 2022

brute ratel

Brute Ratel • Dec 11, 2022

bumblebee

Bumblebee Loader • May 12, 2022

clipboard

Clipboard Hijacker Detection • Sep 18, 2022

cobaltstrike

Cobalt Strike Analysis • Jun 9, 2022

config

Rhadamanthys • Jan 19, 2023

Guloader • Dec 16, 2022

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

BitRat Exposed • Oct 20, 2022

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Cobalt Strike Analysis • Jun 9, 2022

Triage Amadey Loader • May 29, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Jupyter Infostealer • Jan 30, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

conti

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

cpp

Tofsee • Nov 20, 2022

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

BitRat Exposed • Oct 20, 2022

darkside

Darkside Ransomware • Oct 8, 2021

dbatloader

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

DbatLoader Triage • Sep 4, 2022

debugging

Guloader • Dec 16, 2022

delphi

DbatLoader Triage • Sep 4, 2022

deobfuscation

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

detection_engineering

Malware Downloader Triage Notes • Jun 12, 2022

diceloader

Diceloader Triage Notes • Jun 16, 2022

dnlib

Dot NET Static Analysis With Python • Jul 14, 2021

doppeldridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

Dot NET

Jupyter Infostealer • Jan 30, 2022

Dot NET Static Analysis With Python • Jul 14, 2021

dotnet

AgentTesla • Nov 17, 2022

Icarus Stealer - What is it? • Oct 9, 2022

downloader

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

dridex

Dridex (DoppelDridex) Loader • Nov 30, 2021

dumpulator

Dumpulator VEH • Jan 15, 2023

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

emotet

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Emotet Deobfuscation • Apr 6, 2022

Emotet Config Extractor • Nov 18, 2021

emulation

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Cobalt Strike Analysis • Jun 9, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

entropy

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

exceptions

Dumpulator VEH • Jan 15, 2023

gh0st

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

ghost rat

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

golang

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

goresym

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

gozi

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

guloader

Dumpulator VEH • Jan 15, 2023

Guloader • Dec 16, 2022

hackingteam

HackingTeam Soldier Implant • Jan 27, 2022

hermetic

Hermetic Wizard Malware • Mar 10, 2022

Hermetic Wiper Malware • Feb 27, 2022

hermetic wiper

Hermetic Wiper Malware • Feb 27, 2022

hermetic wizard

Hermetic Wizard Malware • Mar 10, 2022

hijacker

Clipboard Hijacker Detection • Sep 18, 2022

icarus

Icarus Stealer - What is it? • Oct 9, 2022

IDA

Rhadamanthys • Jan 19, 2023

ida

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

isfb

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

jupyter

Jupyter Infostealer • Jan 30, 2022

laplace

Laplace Clipper • Nov 27, 2022

loader

Amadey Loader • Nov 13, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Triage Amadey Loader • May 29, 2022

Bumblebee Loader • May 12, 2022

Lockbit

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

lockbit3

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

malware

Triage Amadey Loader • May 29, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Emotet x64 Stack Strings Config Emulation • May 19, 2022

Bumblebee Loader • May 12, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet 64-bit • Apr 30, 2022

Emotet Deobfuscation • Apr 6, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Hermetic Wizard Malware • Mar 10, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Hermetic Wiper Malware • Feb 27, 2022

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

Jupyter Infostealer • Jan 30, 2022

HackingTeam Soldier Implant • Jan 27, 2022

WhisperGate Malware • Jan 20, 2022

Night Sky Ransomware • Jan 6, 2022

Qakbot / Qbot • Dec 22, 2021

Dridex (DoppelDridex) Loader • Nov 30, 2021

Emotet Config Extractor • Nov 18, 2021

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

SquirrelWaffel Config Extraction • Sep 27, 2021

WarZone RAT • May 31, 2021

Matanbuchus

Matanbuchus Triage Notes • Jun 19, 2022

night sky

Night Sky Ransomware • Jan 6, 2022

noobsnight

PowerShell Loading Shellcode • Nov 24, 2022

pandora

Pandora Ransomware • Mar 19, 2022

PEB

Rhadamanthys • Jan 19, 2023

polyglot

Reversing Unknown Polyglot JPG Downloader • Feb 20, 2022

powershell

PowerShell Loading Shellcode • Nov 24, 2022

privateloader

PrivateLoader Triage • Sep 8, 2022

python

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

BlackCat Ransomware • Mar 16, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

python3

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

qakbot

Qakbot / Qbot • Dec 22, 2021

qbot

Qakbot / Qbot • Dec 22, 2021

ransomware

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Pandora Ransomware • Mar 19, 2022

BlackCat Ransomware • Mar 16, 2022

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

Night Sky Ransomware • Jan 6, 2022

BlackMatter Ransomware Version 3 • Oct 30, 2021

BlackMatter Ransomware • Oct 28, 2021

Darkside Ransomware • Oct 8, 2021

rat

Brute Ratel • Dec 11, 2022

BitRat Exposed • Oct 20, 2022

redteam

Brute Ratel • Dec 11, 2022

research

Brute Ratel • Dec 11, 2022

Titan Stealer • Dec 1, 2022

Laplace Clipper • Nov 27, 2022

AgentTesla • Nov 17, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

Reversing Tips With Python3 • Jul 26, 2021

Dot NET Static Analysis With Python • Jul 14, 2021

Python3 Tips and Sample Code • Jun 27, 2021

rhadamanthys

Rhadamanthys • Jan 19, 2023

rm3

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

shellcode

PowerShell Loading Shellcode • Nov 24, 2022

shifted pointers

Rhadamanthys • Jan 19, 2023

smoke

SmokeLoader Triage • Aug 25, 2022

smokeloader

SmokeLoader Triage • Aug 25, 2022

solarmarker

Jupyter Infostealer • Jan 30, 2022

soldier

HackingTeam Soldier Implant • Jan 27, 2022

source

Conti Ransomware V2 Source Code Leak • Mar 3, 2022

spreader

Hermetic Wizard Malware • Mar 10, 2022

squirrelwaffel

SquirrelWaffel Config Extraction • Sep 27, 2021

static analysis

Dot NET Static Analysis With Python • Jul 14, 2021

stealer

Titan Stealer • Dec 1, 2022

stl

Amadey Loader • Nov 13, 2022

C++ STL Types • Nov 6, 2022

stormkitty

Dot NET Static Analysis With Python • Jul 14, 2021

symbolic execution

Emotet Deobfuscation Generic Solution • Apr 20, 2022

Symbolic Execution For Deobfuscation The Basics • Apr 13, 2022

Emotet Deobfuscation • Apr 6, 2022

Angr Control Flow Deobfuscation • Mar 26, 2022

syscalls

Magniber Ransomware Triage • May 6, 2022

Syscall Reversing • May 3, 2022

threatintel

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

tips

Reversing Tips With Python3 • Jul 26, 2021

Python3 Tips and Sample Code • Jun 27, 2021

titan

Titan Stealer • Dec 1, 2022

tofsee

Tofsee • Nov 20, 2022

tooling

C++ STL Types • Nov 6, 2022

tracker

Threat Intel - Building A Simple Botnet Tracker • Oct 13, 2022

triage

Clipboard Hijacker Detection • Sep 18, 2022

PrivateLoader Triage • Sep 8, 2022

DbatLoader Triage • Sep 4, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022

Triage Amadey Loader • May 29, 2022

types

C++ STL Types • Nov 6, 2022

unicorn

Guloader • Dec 16, 2022

unpacking

Does Entropy Matter? A Pseudoscientific Study! • May 26, 2022

Bumblebee Loader • May 12, 2022

Pandora Ransomware • Mar 19, 2022

HackingTeam Soldier Implant • Jan 27, 2022

veh

Dumpulator VEH • Jan 15, 2023

vmprotect

HackingTeam Soldier Implant • Jan 27, 2022

Night Sky Ransomware • Jan 6, 2022

warzone

WarZone RAT • May 31, 2021

whispergate

WhisperGate Malware • Jan 20, 2022

wiper

Hermetic Wiper Malware • Feb 27, 2022

yara

Icarus Stealer - What is it? • Oct 9, 2022

ISFB / GOZI / RM3 Config Extraction • Oct 6, 2022

Clipboard Hijacker Detection • Sep 18, 2022

SmokeLoader Triage • Aug 25, 2022

Lockbit 3.0 Ransomware Triage • Jul 7, 2022

Matanbuchus Triage Notes • Jun 19, 2022

Diceloader Triage Notes • Jun 16, 2022

Malware Downloader Triage Notes • Jun 12, 2022