This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• BlackMatter Ransomware Version 3

  Analysis of BlackMatter Ransomware Version 3 and Config Extraction

  Oct 30, 2021

• BlackMatter Ransomware

  BlackMatter Ransomware Config Extraction

  Oct 28, 2021

• Darkside Ransomware

  Analysis of Darkside Ransomware and Config Extraction

  Oct 8, 2021

• Hancitor

  Hancitor static config extractor

  Oct 4, 2021

• SquirrelWaffel Config Extraction

  Writing a config extractor for SquirrelWaffel

  Sep 27, 2021

• Reversing Tips With Python3

  Tips for reverse engineering with Python3

  Jul 26, 2021

• Dot NET Static Analysis With Python

  How to use python, mono, and dnlib to perform static analysis of Dot NET code

  Jul 14, 2021

• Python3 Tips and Sample Code

  Some helpful code for binary manipulation with Python3

  Jun 27, 2021

• WarZone RAT

  WarZone static config extractor

  May 31, 2021