Malpedia Library

Click here to download all references as Bib-File.•

2023-10-20 ⋅ Twitter (@embee_research) ⋅ Embee_research
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
Cobalt Strike

2023-10-18 ⋅ Twitter (@embee_research) ⋅ Embee_research
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
Cobalt Strike

2023-10-16 ⋅ Twitter (@embee_research) ⋅ Embee_research
Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader
DarkGate

2023-10-13 ⋅ Twitter (@JAMESWT_MHT) ⋅ JamesWT
Tweets on Wikiloader delivering ISFB
ISFB WikiLoader

2023-10-10 ⋅ Twitter (@embee_research) ⋅ Embee_research
How To Develop Yara Rules for .NET Malware Using IL ByteCodes
RedLine Stealer

2023-10-05 ⋅ Twitter (@embee_research) ⋅ Embee_research
Introduction to DotNet Configuration Extraction - RevengeRAT
Revenge RAT

2023-10-04 ⋅ Twitter (@embee_research) ⋅ Embee_research
Developing Yara Signatures for Malware - Practical Examples
DarkGate Lu0Bot

2023-09-19 ⋅ Medium (@DCSO_CyTec) ⋅ Johann Aydinbas
#ShortAndMalicious — DarkGate
DarkGate

2023-08-23 ⋅ Twitter (@embee_research) ⋅ Embee_research, Huntress Labs
Extracting Xworm from Bloated Golang Executable
XWorm

2023-08-23 ⋅ Twitter (@cyberwar_15) ⋅ cyberwar_15
Tweet about VT upload of "Cloud agnostic IAM permissions enumerator" from North Korea

2023-07-23 ⋅ Medium infoSec Write-ups ⋅ mov_eax_27
Unpacking an Emotet Trojan
Emotet

2023-07-11 ⋅ Twitter (@embee_research) ⋅ Embee_research
Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp
DarkSide

2023-06-24 ⋅ Twitter (@embee_research) ⋅ Embee_research
SmokeLoader - Malware Analysis and Decoding With Procmon
SmokeLoader

2023-06-08 ⋅ Twitter (@embee_research) ⋅ Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker

2023-05-19 ⋅ Twitter (@embee_research) ⋅ Embee_research
Analysis of Amadey Bot Infrastructure Using Shodan
Amadey

2023-05-18 ⋅ Twitter (@embee_research) ⋅ Embee_research
Identifying Laplas Infrastructure Using Shodan and Censys
LaplasClipper

2023-05-17 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, Emilia Neuber, Jiro Minier, Johann Aydinbas, Kritika Roy
Andariel’s “Jupiter” malware and the case of the curious C2
Jupiter

2023-05-15 ⋅ embeeresearch ⋅ Embee_research
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Quasar RAT

2023-05-07 ⋅ Twitter (@embee_research) ⋅ Matthew
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
Agent Tesla

2023-04-21 ⋅ Symantec ⋅ Threat Hunter Team
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
VEILEDSIGNAL