Posts by ZYWU

Unpacking Matryoshka: What the History Means for Russian Cybercrime (pinned; Mar 25, 2021)
More and more cyber-attack incidents have occupied the headlines. A man, wearing a hoodie and sitting behind a computer, hacks the world…

Two duplicated but defective keys among the ~3000 released Avaddon private keys (Jun 12, 2021)

Dive into the anti-analysis of the Emotet loader (Mar 31, 2019)
We discussed the cryptor in the previous post. As for the loader part, we are going to document some careful designs which are used to…

Dive into recent Emotet's cryptor (Mar 25, 2019)
Sample – 7a305cbbe2a950663827953cf398078d7b18baa4

Pegasus Source Code Analysis Notes (Feb 15, 2019)
The leak and background: https://malware-research.org/carbanak-source-code-leaked/

A Study on the ConfuserEx Control Flow Flattening Technique (Jan 16, 2019)
Recently, I came across an infostealer malware called HawkEye. HawkEye is written in C#. In this post, I'm going to share the control flow…

How to analyze the TrickBot PoS module with labeled data structures in IDA Pro (Jan 10, 2019)

Decrypting EMOTET's strings using IDAPython (Jan 8, 2019)
EMOTET is a crimeware loader. Its affiliates are TrickBot, Zeus Panda, IcedID, and so on. US-CERT has published an alert on the malware in…