Click here to download all references as Bib-File.
| 2023-12-03 ⋅ Twitter (@vxunderground) ⋅ Tweet about ALPHV group compromising Tipalti to pressure its clients. BlackCat BlackCat |
| 2023-11-30 ⋅ Twitter (@embee_research) ⋅ Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates QakBot |
| 2023-11-27 ⋅ Twitter (@embee_research) ⋅ Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian) BianLian |
| 2023-11-26 ⋅ Twitter (@embee_research) ⋅ Identifying Suspected PrivateLoader Servers with Censys PrivateLoader |
| 2023-11-22 ⋅ Twitter (@embee_research) ⋅ Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2023-11-19 ⋅ Twitter (@embee_research) ⋅ Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
| 2023-11-15 ⋅ Twitter (@embee_research) ⋅ Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer RedLine Stealer RisePro |
| 2023-11-13 ⋅ Twitter (@malwrhunterteam) ⋅ Tweet on Qilin Linux Locker Qilin |
| 2023-11-13 ⋅ Twitter (@malwrhunterteam) ⋅ Tweet on Linux version of Rhysida Rhysida |
| 2023-11-06 ⋅ Twitter (@embee_research) ⋅ Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike |
| 2023-11-01 ⋅ Twitter (@embee_research) ⋅ Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear) AsyncRAT |
| 2023-10-30 ⋅ Twitter (@embee_research) ⋅ Unpacking .NET Malware With Process Hacker and Dnspy AsyncRAT |
| 2023-10-27 ⋅ Twitter (@embee_research) ⋅ Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
| 2023-10-23 ⋅ Twitter (@embee_research) ⋅ Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike |
| 2023-10-20 ⋅ Twitter (@embee_research) ⋅ Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike |
| 2023-10-18 ⋅ Twitter (@embee_research) ⋅ Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike |
| 2023-10-16 ⋅ Twitter (@embee_research) ⋅ Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader DarkGate |
| 2023-10-13 ⋅ Twitter (@JAMESWT_MHT) ⋅ Tweets on Wikiloader delivering ISFB ISFB WikiLoader |
| 2023-10-11 ⋅ Twitter (@MsftSecIntel) ⋅ Tweet on Storm-0062 exploiting CVE-2023-22515 |
| 2023-10-10 ⋅ Twitter (@embee_research) ⋅ How To Develop Yara Rules for .NET Malware Using IL ByteCodes RedLine Stealer |