2021-02-22 | tccontre Blog | tcontre
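% tccontre Blog post on Gh0stRat anti-debugging: per its title, nested SEH
% (try - catch) is used to decrypt and load the payload.
% Malpedia family tag shown for this entry: Ghost RAT.
% NOTE(review): author and key read "tcontre", while the organization field
% and other entries from this blog read "tccontre" -- confirm the spelling.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tcontre:20210222:gh0strat:9f98308,
  author       = {tcontre},
  title        = {{Gh0stRat} Anti-Debugging: Nested {SEH} (try - catch) to Decrypt and Load its Payload},
  date         = {2021-02-22},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2021/02/gh0strat-anti-debugging-nested-seh-try.html},
  language     = {English},
  urldate      = {2021-02-25},
}
Gh0stRat Anti-Debugging: Nested SEH (try - catch) to Decrypt and Load its Payload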
Ghost RAT
2021-01-18 | tccontre Blog | tcontre
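% tccontre Blog post on extracting shellcode from ICEID .PNG steganography.
% Malpedia family tag shown for this entry: IcedID.
% NOTE(review): url is the blog's 2021/01 archive page, not a post permalink
% like the other entries -- confirm the post URL before citing.
% NOTE(review): author and key read "tcontre", while the organization field
% and other entries from this blog read "tccontre" -- confirm the spelling.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tcontre:20210118:extracting:4935b1c,
  author       = {tcontre},
  title        = {Extracting Shellcode in {ICEID} {.PNG} Steganography},
  date         = {2021-01-18},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2021/01/},
  language     = {English},
  urldate      = {2021-01-21},
}
Extracting Shellcode in ICEID .PNG Steganography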
IcedID
2020-11-05 | tccontre Blog | tcontre
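% tccontre Blog post on a FormBook crypter that, per its title, stores
% encrypted data in an unconventional way.
% Malpedia family tag shown for this entry: Formbook.
% NOTE(review): author and key read "tcontre", while the organization field
% and other entries from this blog read "tccontre" -- confirm the spelling.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tcontre:20201105:interesting:17c82b2,
  author       = {tcontre},
  title        = {Interesting {FormBook} Crypter - unconventional way to store encrypted data},
  date         = {2020-11-05},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2020/11/interesting-formbook-crypter.html},
  language     = {English},
  urldate      = {2020-11-06},
}
Interesting FormBook Crypter - unconventional way to store encrypted data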
Formbook
2020-08-10 | tccontre Blog | tccontre
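% tccontre Blog post on the ICEID loader, including how it parses its
% steganography payload (per the title).
% Malpedia family tag shown for this entry: IcedID.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tccontre:20200810:learning:8cc052c,
  author       = {tccontre},
  title        = {Learning From {ICEID} loader - Including its Steganography Payload Parsing},
  date         = {2020-08-10},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2020/08/learning-from-iceid-loader-including.html},
  language     = {English},
  urldate      = {2020-08-14},
}
Learning From ICEID loader - Including its Steganography Payload Parsing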
IcedID
2020-05-14 | tccontre Blog | tcontre
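% tccontre Blog post on Netwalker ransomware: API call obfuscation using a
% structure, and evasion of memory forensics (per the title).
% Malpedia family tag shown for this entry: Mailto.
% NOTE(review): author and key read "tcontre", while the organization field
% and other entries from this blog read "tccontre" -- confirm the spelling.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tcontre:20200514:netwalker:eabf178,
  author       = {tcontre},
  title        = {{Netwalker} Ransomware: [{API} Call Obfuscation (using Structure) and Evading Memory Forensic]},
  date         = {2020-05-14},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2020/05/netwalker-ransomware-api-call.html},
  language     = {English},
  urldate      = {2020-05-19},
}
Netwalker Ransomware: [API Call Obfuscation (using Structure) and Evading Memory Forensic]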
Mailto
2020-04-08 | tccontre Blog | tcontre
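% tccontre Blog analysis of COVID19-themed malware with a "Kill MBR" feature
% (per the title).
% Malpedia family tag shown for this entry: CoViper.
% NOTE(review): author and key read "tcontre", while the organization field
% and other entries from this blog read "tccontre" -- confirm the spelling.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tcontre:20200408:covid19:9c90c45,
  author       = {tcontre},
  title        = {{COVID19} Malware Analysis - with Kill {MBR} Feature},
  date         = {2020-04-08},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2020/04/covid19-malware-analysis-with-kill-mbr.html},
  language     = {English},
  urldate      = {2020-04-21},
}
COVID19 Malware Analysis - with Kill MBR Feature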
CoViper
2019-11-05 | tccontre Blog | tccontre
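% tccontre Blog post on the MZ header of CobaltStrike's beacon.dll (per the title).
% Malpedia family tag shown for this entry: Cobalt Strike.
% Title: whole-title double braces removed; only case-sensitive words are protected.
@online{tccontre:20191105:cobaltstrike:02e37af,
  author       = {tccontre},
  title        = {{CobaltStrike} - beacon.dll : Your No Ordinary {MZ} Header},
  date         = {2019-11-05},
  organization = {tccontre Blog},
  url          = {https://tccontre.blogspot.com/2019/11/cobaltstrike-beacondll-your-not.html},
  language     = {English},
  urldate      = {2019-12-17},
}
CobaltStrike - beacon.dll : Your No Ordinary MZ Header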
Cobalt Strike