ZYWU

Pinned: Unpacking Matryoshka: What the History Means for Russian Cybercrime
More and more cyber-attack incidents have occupied the headlines. A man, wearing a hoodie and sitting behind a computer, hacks the world…
17 min read · Mar 25, 2021

Two duplicated but defected keys among the Avaddon ~3000 released private keys
2 min read · Jun 12, 2021

Dive into anti-analysis of Emotet loader
We discussed the cryptor in the previous post. As for the loader part, we are going to document some careful designs, which are used to…
2 min read · Mar 31, 2019

Dive into recent Emotet's cryptor
Sample – 7a305cbbe2a950663827953cf398078d7b18baa4
2 min read · Mar 25, 2019

Pegasus Source Code Analysis Notes
The leak and background: https://malware-research.org/carbanak-source-code-leaked/
2 min read · Feb 15, 2019

A Study on ConfuserEx Control Flow Flattening Technique
Recently, I came across an infostealer malware called HawkEye. HawkEye is written in C#. In this post, I'm going to share the control flow…
5 min read · Jan 16, 2019

How to analyze TrickBot PoS Module w/ Labeled Data Structure in IDAPro
Background
3 min read · Jan 10, 2019

Decrypting EMOTET's strings using IDAPython
EMOTET is a crimeware loader. The affiliates are TrickBot, Zeus Panda, IcedID, and so on. US-CERT has published an alert on the malware in…
3 min read · Jan 8, 2019