
2023-03-09Github (cocomelonc)cocomelonc
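@online{cocomelonc:20230309:malware:fe37ea5,
  author        = {cocomelonc},
  title         = {{Malware AV/VM evasion - part 12: encrypt/decrypt payload via Madryga. Simple C++ example.}},
  organization  = {cocomelonc},
  date          = {2023-03-09},
  url           = {https://cocomelonc.github.io/malware/2023/03/09/malware-av-evasion-13.html},
  urldate       = {2023-03-13},
  language      = {English},
  internal-note = {NOTE(review): organization normalised from "Github (cocomelonc)" to "cocomelonc" so this entry matches every other entry from the same cocomelonc.github.io host. The title numbers this post "part 12", but the URL slug is malware-av-evasion-13 and the 2023-02-20 entry is already part 12; it is presumably part 13 of the series - confirm against the post before citing the part number.},
}
Malware AV/VM evasion - part 12: encrypt/decrypt payload via Madryga. Simple C++ example.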
2023-02-20cocomelonccocomelonc
@online{cocomelonc:20230220:malware:7672472,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-02-20},
  url          = {https://cocomelonc.github.io/malware/2023/02/20/malware-av-evasion-12.html},
  urldate      = {2023-03-04},
  language     = {English},
}
Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example.
2023-02-12cocomelonccocomelonc
@online{cocomelonc:20230212:malware:19bd9ec,
  author       = {cocomelonc},
  title        = {{Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2023-02-12},
  url          = {https://cocomelonc.github.io/malware/2023/02/12/malware-av-evasion-11.html},
  urldate      = {2023-03-04},
  language     = {English},
}
Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.
2023-02-10cocomelonccocomelonc
@online{cocomelonc:20230210:malware:15c1a75,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware}},
  organization = {cocomelonc},
  date         = {2023-02-10},
  url          = {https://cocomelonc.github.io/malware/2023/02/10/malware-analysis-8.html},
  urldate      = {2023-02-10},
  language     = {English},
}
Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware
Conti
2023-02-02cocomelonccocomelonc
@online{cocomelonc:20230202:malware:1148f55,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware}},
  organization = {cocomelonc},
  date         = {2023-02-02},
  url          = {https://cocomelonc.github.io/malware/2023/02/02/malware-analysis-7.html},
  urldate      = {2023-02-09},
  language     = {English},
}
Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware
REvil
2023-01-20cocomelonccocomelonc
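@online{cocomelonc:20230120:malware:c480361,
  author        = {cocomelonc},
  title         = {{Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.}},
  organization  = {cocomelonc},
  date          = {2023-01-20},
  url           = {https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html},
  urldate       = {2023-01-23},
  language      = {English},
  internal-note = {NOTE(review): date is 2023-01-20 but the URL path encodes 2023/01/19; every other entry in this list has date and URL path agreeing. One of the two is presumably off by a day - verify against the post and the citation key (20230120) before relying on the date.},
}
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.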
2023-01-04cocomelonc
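@online{cocomelonc:20230104:malware:7653c80,
  author        = {cocomelonc},
  title         = {{Malware development tricks: part 26. Mutex. C++ example.}},
  organization  = {cocomelonc},
  date          = {2023-01-04},
  url           = {https://cocomelonc.github.io/malware/2023/01/04/malware-tricks-26.html},
  urldate       = {2023-01-10},
  language      = {English},
  internal-note = {NOTE(review): organization was missing; added as "cocomelonc" to match the other entries from the same cocomelonc.github.io host and author.},
}
Malware development tricks: part 26. Mutex. C++ example.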
AsyncRAT Conti HelloKitty
2022-12-21cocomelonccocomelonc
@online{cocomelonc:20221221:malware:15de997,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 25. EnumerateLoadedModules. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-12-21},
  url          = {https://cocomelonc.github.io/malware/2022/12/21/malware-tricks-25.html},
  urldate      = {2022-12-29},
  language     = {English},
}
Malware development tricks: part 25. EnumerateLoadedModules. Simple C++ example.
2022-12-09cocomelonccocomelonc
@online{cocomelonc:20221209:malware:cff0b3d,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-12-09},
  url          = {https://cocomelonc.github.io/persistence/2022/12/09/malware-pers-20.html},
  urldate      = {2022-12-12},
  language     = {English},
}
Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.
Attor Zebrocy
2022-11-27cocomelonccocomelonc
@online{cocomelonc:20221127:malware:e3f9492,
  author       = {cocomelonc},
  title        = {{Malware development tricks: part 24. ListPlanting. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-11-27},
  url          = {https://cocomelonc.github.io/malware/2022/11/27/malware-tricks-24.html},
  urldate      = {2022-11-28},
  language     = {English},
}
Malware development tricks: part 24. ListPlanting. Simple C++ example.
InvisiMole
2022-11-16cocomelonccocomelonc
@online{cocomelonc:20221116:malware:69e2118,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-11-16},
  url          = {https://cocomelonc.github.io/persistence/2022/11/16/malware-pers-19.html},
  urldate      = {2022-11-21},
  language     = {English},
}
Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.
2022-11-05cocomelonccocomelonc
@online{cocomelonc:20221105:malware:d52ac5b,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 6. Shannon entropy. Simple python script.}},
  organization = {cocomelonc},
  date         = {2022-11-05},
  url          = {https://cocomelonc.github.io/malware/2022/11/05/malware-analysis-6.html},
  urldate      = {2022-11-11},
  language     = {English},
}
Malware analysis: part 6. Shannon entropy. Simple python script.
2022-10-28cocomelonccocomelonc
@online{cocomelonc:20221028:techniques:0ea2e5c,
  author       = {cocomelonc},
  title        = {{APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-10-28},
  url          = {https://cocomelonc.github.io/tutorial/2022/10/28/token-theft-2.html},
  urldate      = {2022-11-11},
  language     = {English},
}
APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.
2022-09-30cocomelonccocomelonc
@online{cocomelonc:20220930:malware:eb2f3c8,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 12. Accessibility Features. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-09-30},
  url          = {https://cocomelonc.github.io/malware/2022/09/30/malware-pers-12.html},
  urldate      = {2022-10-14},
  language     = {English},
}
Malware development: persistence - part 12. Accessibility Features. Simple C++ example.
2022-09-25cocomelonccocomelonc
@online{cocomelonc:20220925:techniques:3e88b21,
  author       = {cocomelonc},
  title        = {{APT techniques: Access Token manipulation. Token theft. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-09-25},
  url          = {https://cocomelonc.github.io/tutorial/2022/09/25/token-theft-1.html},
  urldate      = {2022-11-10},
  language     = {English},
}
APT techniques: Access Token manipulation. Token theft. Simple C++ example.
2022-09-20cocomelonc
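@online{cocomelonc:20220920:malware:c0e9c97,
  author        = {cocomelonc},
  title         = {{Malware development: persistence - part 11. Powershell profile. Simple C++ example.}},
  organization  = {cocomelonc},
  date          = {2022-09-20},
  url           = {https://cocomelonc.github.io/malware/2022/09/20/malware-pers-11.html},
  urldate       = {2022-10-19},
  language      = {English},
  internal-note = {NOTE(review): organization was missing; added as "cocomelonc" to match the other entries from the same cocomelonc.github.io host and author.},
}
Malware development: persistence - part 11. Powershell profile. Simple C++ example.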
Turla RAT TurlaRPC
2022-09-10cocomelonc
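@online{cocomelonc:20220910:malware:edaf050,
  author        = {cocomelonc},
  title         = {{Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.}},
  organization  = {cocomelonc},
  date          = {2022-09-10},
  url           = {https://cocomelonc.github.io/malware/2022/09/10/malware-pers-10.html},
  urldate       = {2022-10-19},
  language      = {English},
  internal-note = {NOTE(review): organization was missing; added as "cocomelonc" to match the other entries from the same cocomelonc.github.io host and author.},
}
Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.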
SUNBURST
2022-09-06cocomelonccocomelonc
@online{cocomelonc:20220906:malware:a09756f,
  author       = {cocomelonc},
  title        = {{Malware development tricks: parent PID spoofing. Simple C++ example.}},
  organization = {cocomelonc},
  date         = {2022-09-06},
  url          = {https://cocomelonc.github.io/malware/2022/09/06/malware-tricks-23.html},
  urldate      = {2022-11-17},
  language     = {English},
}
Malware development tricks: parent PID spoofing. Simple C++ example.
Cobalt Strike Konni
2022-08-26cocomelonc
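@online{cocomelonc:20220826:malware:c330f1e,
  author        = {cocomelonc},
  title         = {{Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.}},
  organization  = {cocomelonc},
  date          = {2022-08-26},
  url           = {https://cocomelonc.github.io/malware/2022/08/26/malware-pers-9.html},
  urldate       = {2022-12-01},
  language      = {English},
  internal-note = {NOTE(review): organization was missing; added as "cocomelonc" to match the other entries from the same cocomelonc.github.io host and author.},
}
Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.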
Kimsuky
2022-07-30cocomelonc
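@online{cocomelonc:20220730:malware:0f84be1,
  author        = {cocomelonc},
  title         = {{Malware AV evasion - part 8. Encode payload via Z85}},
  organization  = {cocomelonc},
  date          = {2022-07-30},
  url           = {https://cocomelonc.github.io/malware/2022/07/30/malware-av-evasion-8.html},
  urldate       = {2022-12-01},
  language      = {English},
  internal-note = {NOTE(review): organization was missing; added as "cocomelonc" to match the other entries from the same cocomelonc.github.io host and author.},
}
Malware AV evasion - part 8. Encode payload via Z85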
Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector