Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-23forensicitguyTony Lambert
Malware via VHD Files, an Excellent Choice
2022-08-07forensicitguyTony Lambert
Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
DUCKTAIL
2022-05-13forensicitguyTony Lambert
Analyzing a Pirrit adware installer
Pirrit
2022-05-12Red CanaryLauren Podber, Tony Lambert
The Goot cause: Detecting Gootloader and its follow-on activity
GootLoader Cobalt Strike
2022-05-12Red CanaryLauren Podber, Tony Lambert
Gootloader and Cobalt Strike malware analysis
GootLoader Cobalt Strike
2022-04-24forensicitguyTony Lambert
Shortcut to Emotet, an odd TTP change
Emotet
2022-04-16forensicitguyTony Lambert
Snip3 Crypter used with DCRat via VBScript
DCRat
2022-03-26forensicitguyTony Lambert
An AgentTesla Sample Using VBA Macros and Certutil
Agent Tesla
2022-02-12forensicitguyTony Lambert
Analyzing a Stealer MSI using msitools
Arkei Stealer
2022-02-11forensicitguyTony Lambert
XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets
Formbook
2022-02-06forensicitguyTony Lambert
AgentTesla From RTF Exploitation to .NET Tradecraft
Agent Tesla
2022-02-03forensicitguyTony Lambert
njRAT Installed from a MSI
NjRAT
2022-02-02forensicitguyTony Lambert
STRRAT Attached to a MSI File
STRRAT
2022-01-27forensicitguyTony Lambert
GuLoader Executing Shellcode Using Callback Functions
CloudEyE
2022-01-23forensicitguyTony Lambert
HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET
BitRAT
2022-01-22forensicitguyTony Lambert
BazarISO Analysis - Loading with Advpack.dll
BazarBackdoor
2022-01-17forensicitguyTony Lambert
Emotet's Excel 4.0 Macros Dropping DLLs
Emotet
2022-01-16forensicitguyTony Lambert
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
CACTUSTORCH Cobalt Strike
2022-01-09forensicitguyTony Lambert
Inspecting a PowerShell Cobalt Strike Beacon
Cobalt Strike
2022-01-04forensicitguyTony Lambert
Extracting Indicators from a Packed Mirai Sample
Mirai