Click here to download all references as Bib-File.•
| 2025-02-12
⋅
Red Canary
⋅
Defying tunneling: A Wicked approach to detecting malicious network traffic AsyncRAT DCRat NjRAT XWorm |
| 2023-07-23
⋅
forensicitguy
⋅
Malware via VHD Files, an Excellent Choice |
| 2022-08-07
⋅
forensicitguy
⋅
Analyzing .NET Core Single File Samples (DUCKTAIL Case Study) DUCKTAIL |
| 2022-05-13
⋅
forensicitguy
⋅
Analyzing a Pirrit adware installer Pirrit |
| 2022-05-12
⋅
Red Canary
⋅
The Goot cause: Detecting Gootloader and its follow-on activity GootLoader Cobalt Strike |
| 2022-05-12
⋅
Red Canary
⋅
Gootloader and Cobalt Strike malware analysis GootLoader Cobalt Strike |
| 2022-04-24
⋅
forensicitguy
⋅
Shortcut to Emotet, an odd TTP change Emotet |
| 2022-04-16
⋅
forensicitguy
⋅
Snip3 Crypter used with DCRat via VBScript DCRat |
| 2022-03-26
⋅
forensicitguy
⋅
An AgentTesla Sample Using VBA Macros and Certutil Agent Tesla |
| 2022-02-12
⋅
forensicitguy
⋅
Analyzing a Stealer MSI using msitools Arkei Stealer |
| 2022-02-11
⋅
forensicitguy
⋅
XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets Formbook |
| 2022-02-06
⋅
forensicitguy
⋅
AgentTesla From RTF Exploitation to .NET Tradecraft Agent Tesla |
| 2022-02-03
⋅
forensicitguy
⋅
njRAT Installed from a MSI NjRAT |
| 2022-02-02
⋅
forensicitguy
⋅
STRRAT Attached to a MSI File STRRAT |
| 2022-01-27
⋅
forensicitguy
⋅
GuLoader Executing Shellcode Using Callback Functions CloudEyE |
| 2022-01-23
⋅
forensicitguy
⋅
HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET BitRAT |
| 2022-01-22
⋅
forensicitguy
⋅
BazarISO Analysis - Loading with Advpack.dll BazarBackdoor |
| 2022-01-17
⋅
forensicitguy
⋅
Emotet's Excel 4.0 Macros Dropping DLLs Emotet |
| 2022-01-16
⋅
forensicitguy
⋅
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike CACTUSTORCH Cobalt Strike |
| 2022-01-09
⋅
forensicitguy
⋅
Inspecting a PowerShell Cobalt Strike Beacon Cobalt Strike |