2023-07-23 ⋅ forensicitguy ⋅ Malware via VHD Files, an Excellent Choice
2022-08-07 ⋅ forensicitguy ⋅ Analyzing .NET Core Single File Samples (DUCKTAIL Case Study) [DUCKTAIL]
2022-05-13 ⋅ forensicitguy ⋅ Analyzing a Pirrit adware installer [Pirrit]
2022-04-24 ⋅ forensicitguy ⋅ Shortcut to Emotet, an odd TTP change [Emotet]
2022-04-16 ⋅ forensicitguy ⋅ Snip3 Crypter used with DCRat via VBScript [DCRat]
2022-03-26 ⋅ forensicitguy ⋅ An AgentTesla Sample Using VBA Macros and Certutil [Agent Tesla]
2022-02-12 ⋅ forensicitguy ⋅ Analyzing a Stealer MSI using msitools [Arkei Stealer]
2022-02-11 ⋅ forensicitguy ⋅ XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets [Formbook]
2022-02-06 ⋅ forensicitguy ⋅ AgentTesla From RTF Exploitation to .NET Tradecraft [Agent Tesla]
2022-02-03 ⋅ forensicitguy ⋅ njRAT Installed from a MSI [NjRAT]
2022-02-02 ⋅ forensicitguy ⋅ STRRAT Attached to a MSI File [STRRAT]
2022-01-27 ⋅ forensicitguy ⋅ GuLoader Executing Shellcode Using Callback Functions [CloudEyE]
2022-01-23 ⋅ forensicitguy ⋅ HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET [BitRAT]
2022-01-22 ⋅ forensicitguy ⋅ BazarISO Analysis - Loading with Advpack.dll [BazarBackdoor]
2022-01-17 ⋅ forensicitguy ⋅ Emotet's Excel 4.0 Macros Dropping DLLs [Emotet]
2022-01-16 ⋅ forensicitguy ⋅ Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike [CACTUSTORCH, Cobalt Strike]
2022-01-09 ⋅ forensicitguy ⋅ Inspecting a PowerShell Cobalt Strike Beacon [Cobalt Strike]
2022-01-04 ⋅ forensicitguy ⋅ Extracting Indicators from a Packed Mirai Sample [Mirai]
2022-01-03 ⋅ forensicitguy ⋅ A Tale of Two Dropper Scripts for Agent Tesla [Agent Tesla]
2022-01-02 ⋅ forensicitguy ⋅ Analyzing a Magnitude EK Appx Package Dropping Magniber [Magniber]
2022-01-01 ⋅ forensicitguy ⋅ Analyzing an IcedID Loader Document [IcedID]