
2023-08-23Twitter (@embee_research)Embee_research, Huntress Labs
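@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); the corporate co-author is double-braced so it is not split into given and family parts; title bracing is limited to the words whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230823:extracting:f1277f5,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {Extracting {Xworm} from Bloated {Golang} Executable},
  date         = {2023-08-23},
  organization = {Twitter (@embee\_research)},
  url          = {https://x.com/embee_research/status/1694635899903152619},
  language     = {English},
  urldate      = {2023-08-25},
}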
XWorm
2023-07-11Twitter (@embee_research)Embee_research
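@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the product names whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230711:tweets:ab48f14,
  author       = {Embee\_research},
  title        = {Tweets on Ransomware Infrastructure Analysis With {Censys} and {GrabbrApp}},
  date         = {2023-07-11},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1678631524374020098?s=46},
  language     = {English},
  urldate      = {2023-07-16},
}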
DarkSide
2023-06-24Twitter (@embee_research)Embee_research
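@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family and tool names whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230624:smokeloader:9b36b55,
  author       = {Embee\_research},
  title        = {{SmokeLoader} - Malware Analysis and Decoding With {Procmon}},
  date         = {2023-06-24},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/smokeloader-analysis-with-procmon/},
  language     = {English},
  urldate      = {2023-06-24},
}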
SmokeLoader
2023-06-08Twitter (@embee_research)Embee_research
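@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the search-engine names whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230608:practical:61d0677,
  author       = {Embee\_research},
  title        = {Practical Queries for Identifying Malware Infrastructure: An informal page for storing {Censys}/{Shodan} queries},
  date         = {2023-06-08},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/shodan-censys-queries/},
  language     = {English},
  urldate      = {2023-06-09},
}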
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-05-19Twitter (@embee_research)Embee_research
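@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family and search-engine names whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230519:analysis:92de1d2,
  author       = {Embee\_research},
  title        = {Analysis of {Amadey} Bot Infrastructure Using {Shodan}},
  date         = {2023-05-19},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/amadey-bot-infrastructure/},
  language     = {English},
  urldate      = {2023-05-21},
}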
Amadey
2023-05-18Twitter (@embee_research)Embee_research
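@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family and search-engine names whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230518:identifying:a7f1165,
  author       = {Embee\_research},
  title        = {Identifying {Laplas} Infrastructure Using {Shodan} and {Censys}},
  date         = {2023-05-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/laplas-clipper-infrastructure/},
  language     = {English},
  urldate      = {2023-05-26},
}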
LaplasClipper
2023-05-07Twitter (@embee_research)Matthew
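@comment{ The bare underscore in organization is escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family name and the acronym whose casing must survive a sentence-casing style. }
@online{matthew:20230507:agenttesla:65bf8af,
  author       = {Matthew},
  title        = {{AgentTesla} - Full Loader Analysis - Resolving {API} Hashes Using Conditional Breakpoints},
  date         = {2023-05-07},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/},
  language     = {English},
  urldate      = {2023-05-08},
}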
Agent Tesla
2023-04-10Twitter (@embee_research)Matthew
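@comment{ The bare underscore in organization is escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family name and the acronym whose casing must survive a sentence-casing style. }
@online{matthew:20230410:redline:397ebbf,
  author       = {Matthew},
  title        = {{Redline} Stealer - Static Analysis and {C2} Extraction},
  date         = {2023-04-10},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/redline-stealer-basic-static-analysis-and-c2-extraction/},
  language     = {English},
  urldate      = {2023-04-14},
}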
Amadey RedLine Stealer
2023-04-08Twitter (@embee_research)Embee_research
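@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the malware family name and the platform name whose casing must survive a sentence-casing style. }
@online{embeeresearch:20230408:dcrat:8151f7a,
  author       = {Embee\_research},
  title        = {{Dcrat} - Manual De-obfuscation of {.NET} Malware},
  date         = {2023-04-08},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/dcrat-manual-de-obfuscation/},
  language     = {English},
  urldate      = {2023-04-10},
}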
DCRat
2022-11-14Twitter (@embee_research)Matthew
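@comment{ The bare underscore in organization is escaped as \_ (a bare underscore is a LaTeX error outside math mode); title bracing is limited to the proper nouns whose casing must survive a sentence-casing style. }
@online{matthew:20221114:twitter:9b57525,
  author       = {Matthew},
  title        = {{Twitter} thread on {Yara} Signatures for {Qakbot} Encryption Routines},
  date         = {2022-11-14},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1592067841154756610?s=20},
  language     = {English},
  urldate      = {2022-11-18},
}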
IcedID QakBot
2022-10-12Twitter (@embee_research)Embee_research, Huntress Labs
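@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); the corporate co-author is double-braced so it is not split into given and family parts; title bracing is limited to the framework name and the acronym whose casing must survive a sentence-casing style. }
@online{embeeresearch:20221012:tweets:3284cd3,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {Tweets on detection of {Brute Ratel} via {API} Hashes},
  date         = {2022-10-12},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1580030303950995456?s=20&t=0vfXnrCXaVSX-P-hiSrFwA},
  language     = {English},
  urldate      = {2022-11-21},
}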
Brute Ratel C4
2022-10-11Twitter (@embee_research)Embee_research, Huntress Labs
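@comment{ Bare underscores in author and organization are escaped as \_ (a bare underscore is a LaTeX error outside math mode); the corporate co-author is double-braced so it is not split into given and family parts; title bracing is limited to the framework name, the library name and the acronyms whose casing must survive a sentence-casing style. }
@online{embeeresearch:20221011:havoc:3bc6fb5,
  author       = {Embee\_research and {Huntress Labs}},
  title        = {Tweet on {Havoc} {C2} - Static Detection Via {Ntdll} {API} Hashes},
  date         = {2022-10-11},
  organization = {Twitter (@embee\_research)},
  url          = {https://twitter.com/embee_research/status/1579668721777643520?s=20&t=nDJOv1Yf5mQZKCou7qMrhQ},
  language     = {English},
  urldate      = {2022-11-21},
}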
Havoc