<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>MalScope</title>
<link>https://malscope.com/</link>
<description>Recent content on MalScope</description>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<managingEditor>byridianblack@malscope.com (ByridianBlack)</managingEditor>
<webMaster>byridianblack@malscope.com (ByridianBlack)</webMaster>
<lastBuildDate>Mon, 22 May 2023 10:22:10 +0700</lastBuildDate>
<atom:link href="https://malscope.com/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>0verney Crackme Write up</title>
<link>https://malscope.com/post/0verney_crackme/</link>
<pubDate>Mon, 22 May 2023 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/0verney_crackme/</guid>
<description>Looking past the entry The start of this executable is as show</description>
</item>
<item>
<title>CryptBot Malware Report</title>
<link>https://malscope.com/post/cryptbot-malware-report/</link>
<pubDate>Wed, 05 Oct 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/cryptbot-malware-report/</guid>
<description>Background CryptBot is an Info-Stealer malware that has been making its rounds this year, 2022, distributed via cracked software and sketchy websites.</description>
</item>
<item>
<title>SmokeLoader Unpacking Series</title>
<link>https://malscope.com/post/smokeloader-unpacking/</link>
<pubDate>Tue, 27 Sep 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/smokeloader-unpacking/</guid>
<description>In this report, I will demonstrate the methods to unpack a SmokeLoader executable manually.</description>
</item>
<item>
<title>REvil Malware Analysis</title>
<link>https://malscope.com/post/revil/</link>
<pubDate>Wed, 24 Aug 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/revil/</guid>
<description>Summary This report is on the Ransomware as a Service REvil, detailing their techniques, any changes to previous samples they used and their obfuscation techniques.</description>
</item>
<item>
<title>HackTheBox Reminiscent Writeup</title>
<link>https://malscope.com/post/hackbox_reminiscent_writeup/</link>
<pubDate>Wed, 22 Jun 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/hackbox_reminiscent_writeup/</guid>
<description>Getting Started So for this summer, I decided to focus a little more on the offensive side of cybersecurity.</description>
</item>
<item>
<title>Black Basta Ransomware Analysis</title>
<link>https://malscope.com/post/blackbasta/</link>
<pubDate>Wed, 27 Apr 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/blackbasta/</guid>
<description>Introduction Black Basta ransomware hit American Dental Association on the weekend of the week of 4/17, 2022.</description>
</item>
<item>
<title>Danofred's Simple CrackMe WriteUp</title>
<link>https://malscope.com/post/danofreds-simple-crackme-writeup/</link>
<pubDate>Tue, 19 Apr 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/danofreds-simple-crackme-writeup/</guid>
<description>Author: ByridianBlack
Challenge Won: April 18th, 2022
Author of Challenge: Danofred</description>
</item>
<item>
<title>LIKEAHORSE Malware Report. Uncovering its Secrets</title>
<link>https://malscope.com/post/likeahorse-analysis-report/</link>
<pubDate>Mon, 18 Apr 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/likeahorse-analysis-report/</guid>
<description>Introduction LIKEAHORSE is ransomware that garnered news in January, but while it was looked at, I have found no actual report on its features and abilities online.</description>
</item>
<item>
<title>Mevlbkxshp Powershell Script Malware Analysis</title>
<link>https://malscope.com/post/mevlbkxshp-powershell-script-malware-analysis/</link>
<pubDate>Sat, 16 Apr 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/mevlbkxshp-powershell-script-malware-analysis/</guid>
<description>Introduction Mevlbkxshp is a PowerShell script categorized as a dropper. This malware has many features, most of which are obfuscation techniques and some properties that make it semi-fileless.</description>
</item>
<item>
<title>Darkside Malware</title>
<link>https://malscope.com/post/darkside/</link>
<pubDate>Wed, 16 Feb 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/darkside/</guid>
<description>Darkside is ransomware notorious for attacking high-profile industrial control systems and facilities.</description>
</item>
<item>
<title>Discord Troll Malware</title>
<link>https://malscope.com/post/discord/</link>
<pubDate>Sun, 23 Jan 2022 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/discord/</guid>
<description>For the past few years, Discord has been a hub for spreading malware, and while they have done much to crack down on this spread, the problem is still prevalent.</description>
</item>
<item>
<title>DiffuseGravity</title>
<link>https://malscope.com/post/diffusegravity/</link>
<pubDate>Thu, 25 Nov 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/diffusegravity/</guid>
<description>Introduction VB6 compiler can be treated as a packer because of its translation from what is known as P-code into assembly code.</description>
</item>
<item>
<title>Good Malware</title>
<link>https://malscope.com/post/good_malware/</link>
<pubDate>Sat, 23 Oct 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/good_malware/</guid>
<description>Good.exe Sha256: 90d3580e187b631a9150bbb4a640b84c6fa990437febdc42f687cc7b3ce1deac Md5 : b034e2a7cd76b757b7c62ce514b378b4 Sha1 : 27d15f36cb5e3338a19a7f6441ece58439f830f2
Analysis Initially this piece of malware was UPX packed as shown in the following Figure</description>
</item>
<item>
<title>Invicea Tunnel Malware Analysis</title>
<link>https://malscope.com/post/invicea-tunnel-analysis/</link>
<pubDate>Wed, 20 Oct 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/invicea-tunnel-analysis/</guid>
<description>Initial Analysis &amp; Outside Research Not much is known about this malware or at least not much research has been done on it.</description>
</item>
<item>
<title>VBS Dropper Script for Nanocore RAT. Fileless Properties.</title>
<link>https://malscope.com/post/nanocore-rat-dropper-fileless/</link>
<pubDate>Mon, 20 Sep 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/nanocore-rat-dropper-fileless/</guid>
<description>Introduction This piece of malware had some fileless malware properties, but because it copied itself to disk, it cannot be categorized as fileless malware.</description>
</item>
<item>
<title>Poweliks Malware Analysis</title>
<link>https://malscope.com/post/poweliks-malware/</link>
<pubDate>Wed, 02 Jun 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/poweliks-malware/</guid>
<description>Introduction I have recently been interested in fileless malware and the different approaches authors have when executing them.</description>
</item>
<item>
<title>VBS APT34 Dropper Analysis</title>
<link>https://malscope.com/post/vbs-apt34dropper-analysis/</link>
<pubDate>Sat, 22 May 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/vbs-apt34dropper-analysis/</guid>
<description>Introduction VBS scripts are malicious codes that can contain PowerShell commands that can severely damage the victim machine.</description>
</item>
<item>
<title>Win32/InfoStealer Dexter Malware</title>
<link>https://malscope.com/post/info-stealer-ma/</link>
<pubDate>Sat, 22 May 2021 10:22:10 +0700</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/post/info-stealer-ma/</guid>
<description>Introduction Win32/InfoStealer.Dexter is part of a family of malware to steal information such as credit card numbers, passwords, or various techniques.</description>
</item>
<item>
<title></title>
<link>https://malscope.com/about/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/about/</guid>
<description>Hello, I, a practicing malware analyst and reverse engineer, am using this blog to showcase the malware samples I have analyzed.</description>
</item>
<item>
<title>Contact 📨️</title>
<link>https://malscope.com/contact/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/contact/</guid>
<description>Contact me:</description>
</item>
<item>
<title>Search 🔍</title>
<link>https://malscope.com/search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<author>byridianblack@malscope.com (ByridianBlack)</author>
<guid>https://malscope.com/search/</guid>
<description>.gsc-control-cse, .gsc-result{ border: none!important; background-color: transparent!important; } .gsc-result-info, .gsc-orderby-label{ color: var(--disabled-text-color)!</description>
</item>
</channel>
</rss>