
@online{cocomelonc:20230526:malware:2af92da,
  author       = {cocomelonc},
  title        = {{Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-05-26},
  url          = {https://cocomelonc.github.io/malware/2023/05/26/malware-tricks-30.html},
  urldate      = {2023-05-30},
  language     = {English},
}
@online{cocomelonc:20230519:malware:3b9112f,
  author       = {cocomelonc},
  title        = {{Malware source code investigation: AsyncRAT}},
  organization = {cocomelonc},
  date         = {2023-05-19},
  url          = {https://mssplab.github.io/threat-hunting/2023/05/19/malware-src-asyncrat.html},
  urldate      = {2023-05-26},
  language     = {English},
}
AsyncRAT
@online{cocomelonc:20230511:malware:f557876,
  author       = {cocomelonc},
  title        = {{Malware development trick - part 28: Dump lsass.exe. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-05-11},
  url          = {https://cocomelonc.github.io/malware/2023/05/11/malware-tricks-28.html},
  urldate      = {2023-05-15},
  language     = {English},
}
Cobalt Strike APT3 Keylogger
@online{cocomelonc:20230508:malware:d344f4a,
  author       = {cocomelonc},
  title        = {{Malware analysis report: WinDealer (LuoYu Threat Group)}},
  organization = {cocomelonc},
  date         = {2023-05-08},
  url          = {https://mssplab.github.io/threat-hunting/2023/05/08/malware-analysis-windealer.html},
  urldate      = {2023-05-10},
  language     = {English},
}
WinDealer
@online{cocomelonc:20230427:malware:07d1a14,
  author       = {cocomelonc},
  title        = {{Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-04-27},
  url          = {https://cocomelonc.github.io/malware/2023/04/27/malware-tricks-27.html},
  urldate      = {2023-05-10},
  language     = {English},
}
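@comment{Title part number corrected from 15 to 16. The recorded title duplicated "part 15", which is already used by the 2023-04-08 entry (GetModuleHandle, malware-av-evasion-15.html); this post's own URL slug is malware-av-evasion-16.html. Verify against the live page before relying on the number in citations.}
@online{cocomelonc:20230416:malware:214937b,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-04-16},
  url          = {https://cocomelonc.github.io/malware/2023/04/16/malware-av-evasion-16.html},
  urldate      = {2023-05-10},
  language     = {English},
}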
@online{cocomelonc:20230408:malware:a7c22c4,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-04-08},
  url          = {https://cocomelonc.github.io/malware/2023/04/08/malware-av-evasion-15.html},
  urldate      = {2023-05-10},
  language     = {English},
}
@online{cocomelonc:20230324:malware:972beff,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-03-24},
  url          = {https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html},
  urldate      = {2023-03-30},
  language     = {English},
}
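@comment{organization normalised from "Github (cocomelonc)" to "cocomelonc": every other entry in this library for the same cocomelonc.github.io host records the organization as plain "cocomelonc", and a mixed spelling sorts and renders as two different publishers.}
@online{cocomelonc:20230309:malware:fe37ea5,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-03-09},
  url          = {https://cocomelonc.github.io/malware/2023/03/09/malware-av-evasion-13.html},
  urldate      = {2023-03-30},
  language     = {English},
}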
@online{cocomelonc:20230220:malware:7672472,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-02-20},
  url          = {https://cocomelonc.github.io/malware/2023/02/20/malware-av-evasion-12.html},
  urldate      = {2023-03-04},
  language     = {English},
}
@online{cocomelonc:20230212:malware:19bd9ec,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-02-12},
  url          = {https://cocomelonc.github.io/malware/2023/02/12/malware-av-evasion-11.html},
  urldate      = {2023-03-04},
  language     = {English},
}
@online{cocomelonc:20230210:malware:15c1a75,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware}},
  organization = {cocomelonc},
  date         = {2023-02-10},
  url          = {https://cocomelonc.github.io/malware/2023/02/10/malware-analysis-8.html},
  urldate      = {2023-02-10},
  language     = {English},
}
Conti
@online{cocomelonc:20230202:malware:1148f55,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware}},
  organization = {cocomelonc},
  date         = {2023-02-02},
  url          = {https://cocomelonc.github.io/malware/2023/02/02/malware-analysis-7.html},
  urldate      = {2023-02-09},
  language     = {English},
}
REvil
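@comment{Review: the date field says 2023-01-20 but the URL path dates the post 2023-01-19 (/persistence/2023/01/19/). Left as recorded; confirm which is the publication date against the live page and align date (and the citation key's date component, if the library regenerates keys) accordingly.}
@online{cocomelonc:20230120:malware:c480361,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-01-20},
  url          = {https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html},
  urldate      = {2023-01-23},
  language     = {English},
}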
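@comment{organization added: this was the only cocomelonc.github.io entry in the library without one; every sibling entry for the same host carries organization = {cocomelonc}, and a missing organization renders this citation differently from the rest of the series.}
@online{cocomelonc:20230104:malware:7653c80,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 26. Mutex. C++ example.}},
  organization = {cocomelonc},
  date         = {2023-01-04},
  url          = {https://cocomelonc.github.io/malware/2023/01/04/malware-tricks-26.html},
  urldate      = {2023-01-10},
  language     = {English},
}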
AsyncRAT Conti HelloKitty
@online{cocomelonc:20221221:malware:15de997,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 25. EnumerateLoadedModules. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-12-21},
  url          = {https://cocomelonc.github.io/malware/2022/12/21/malware-tricks-25.html},
  urldate      = {2022-12-29},
  language     = {English},
}
@online{cocomelonc:20221209:malware:cff0b3d,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-12-09},
  url          = {https://cocomelonc.github.io/persistence/2022/12/09/malware-pers-20.html},
  urldate      = {2022-12-12},
  language     = {English},
}
Attor Zebrocy
@online{cocomelonc:20221127:malware:e3f9492,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 24. ListPlanting. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-11-27},
  url          = {https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html},
  urldate      = {2022-11-28},
  language     = {English},
}
InvisiMole
@online{cocomelonc:20221116:malware:69e2118,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-11-16},
  url          = {https://cocomelonc.github.io/persistence/2022/11/16/malware-pers-19.html},
  urldate      = {2022-11-21},
  language     = {English},
}
@online{cocomelonc:20221105:malware:d52ac5b,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 6. Shannon entropy. Simple python script.}},
  organization = {cocomelonc},
  date         = {2022-11-05},
  url          = {https://cocomelonc.github.io/malware/2022/11/05/malware-analysis-6.html},
  urldate      = {2022-11-11},
  language     = {English},
}