├── .gitignore
├── Baldr
    └── README.md
├── DarkRATv2
    ├── README.md
    └── img
    │   ├── buildercmd.png
    │   ├── cleanup.png
    │   ├── code_av.png
    │   ├── code_av2.png
    │   ├── code_debug.png
    │   ├── code_debug2.png
    │   ├── code_debug3.png
    │   ├── code_debug4.png
    │   ├── code_v220.png
    │   ├── cryptob.png
    │   ├── dande1.png
    │   ├── darkratv2.png
    │   ├── darkspider1.png
    │   ├── darkspider2.png
    │   ├── discord.png
    │   ├── discord2.png
    │   ├── discord3.png
    │   ├── errormode.png
    │   ├── git1.png
    │   ├── git2.png
    │   ├── git3.png
    │   ├── git_index.png
    │   ├── git_index1.png
    │   ├── grs.png
    │   ├── logo.png
    │   ├── mutex.png
    │   ├── mutex2.png
    │   ├── olddarkrat.png
    │   ├── origins.png
    │   ├── panel_bots1.png
    │   ├── panel_bots2.png
    │   ├── panel_dash1.png
    │   ├── panel_dash2.png
    │   ├── panel_login.png
    │   ├── panel_menu.png
    │   ├── panel_plugins.png
    │   ├── panel_settings_functions.png
    │   ├── panel_settings_global.png
    │   ├── panel_settings_template.png
    │   ├── panel_settings_users.png
    │   ├── panel_tasks.png
    │   ├── pastebin1.png
    │   ├── pastebin2.png
    │   ├── pcap1.png
    │   ├── pcap2.png
    │   ├── persistance.png
    │   ├── proc_hollow.png
    │   ├── proc_hollow2.png
    │   ├── proc_hollow3.png
    │   ├── proc_hollow4.png
    │   ├── proc_hollow5.png
    │   ├── processgraph.png
    │   ├── readme.png
    │   ├── readme1.png
    │   ├── registry.png
    │   ├── routes.png
    │   ├── source.png
    │   ├── source1.png
    │   ├── tasklist.png
    │   ├── tasks.png
    │   └── useragent.png
├── Korpze
    └── README.md
├── Latrodectus
    └── README.md
├── LockBit
    └── README.md
├── Prometei
    └── README.md
├── README.md
├── Zeus
    └── Zeus.pdf
├── _DNS
    └── README.md
├── _Honeypot
    └── README.md
├── _IoT
    └── README.md
└── _UPX
    └── README.md

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
--------------------------------------------------------------------------------
/Baldr/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/Baldr/README.md
--------------------------------------------------------------------------------
/DarkRATv2/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/README.md
--------------------------------------------------------------------------------
/DarkRATv2/img/buildercmd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/buildercmd.png
--------------------------------------------------------------------------------
/DarkRATv2/img/cleanup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/cleanup.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_av.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_av.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_av2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_av2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_debug.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_debug.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_debug2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_debug2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_debug3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_debug3.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_debug4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_debug4.png
--------------------------------------------------------------------------------
/DarkRATv2/img/code_v220.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/code_v220.png
--------------------------------------------------------------------------------
/DarkRATv2/img/cryptob.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/cryptob.png
--------------------------------------------------------------------------------
/DarkRATv2/img/dande1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/dande1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/darkratv2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/darkratv2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/darkspider1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/darkspider1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/darkspider2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/darkspider2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/discord.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/discord.png
--------------------------------------------------------------------------------
/DarkRATv2/img/discord2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/discord2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/discord3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/discord3.png
--------------------------------------------------------------------------------
/DarkRATv2/img/errormode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/errormode.png
--------------------------------------------------------------------------------
/DarkRATv2/img/git1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/git1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/git2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/git2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/git3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/git3.png
--------------------------------------------------------------------------------
/DarkRATv2/img/git_index.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/git_index.png
--------------------------------------------------------------------------------
/DarkRATv2/img/git_index1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/git_index1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/grs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/grs.png
--------------------------------------------------------------------------------
/DarkRATv2/img/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/logo.png
--------------------------------------------------------------------------------
/DarkRATv2/img/mutex.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/mutex.png
--------------------------------------------------------------------------------
/DarkRATv2/img/mutex2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/mutex2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/olddarkrat.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/olddarkrat.png
--------------------------------------------------------------------------------
/DarkRATv2/img/origins.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/origins.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_bots1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_bots1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_bots2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_bots2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_dash1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_dash1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_dash2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_dash2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_login.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_login.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_menu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_menu.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_plugins.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_plugins.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_settings_functions.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_settings_functions.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_settings_global.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_settings_global.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_settings_template.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_settings_template.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_settings_users.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_settings_users.png
--------------------------------------------------------------------------------
/DarkRATv2/img/panel_tasks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/panel_tasks.png
--------------------------------------------------------------------------------
/DarkRATv2/img/pastebin1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/pastebin1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/pastebin2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/pastebin2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/pcap1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/pcap1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/pcap2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/pcap2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/persistance.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/persistance.png
--------------------------------------------------------------------------------
/DarkRATv2/img/proc_hollow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/proc_hollow.png
--------------------------------------------------------------------------------
/DarkRATv2/img/proc_hollow2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/proc_hollow2.png
--------------------------------------------------------------------------------
/DarkRATv2/img/proc_hollow3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/proc_hollow3.png
--------------------------------------------------------------------------------
/DarkRATv2/img/proc_hollow4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/proc_hollow4.png
--------------------------------------------------------------------------------
/DarkRATv2/img/proc_hollow5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/proc_hollow5.png
--------------------------------------------------------------------------------
/DarkRATv2/img/processgraph.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/processgraph.png
--------------------------------------------------------------------------------
/DarkRATv2/img/readme.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/readme.png
--------------------------------------------------------------------------------
/DarkRATv2/img/readme1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/readme1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/registry.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/registry.png
--------------------------------------------------------------------------------
/DarkRATv2/img/routes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/routes.png
--------------------------------------------------------------------------------
/DarkRATv2/img/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/source.png
--------------------------------------------------------------------------------
/DarkRATv2/img/source1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/source1.png
--------------------------------------------------------------------------------
/DarkRATv2/img/tasklist.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/tasklist.png
--------------------------------------------------------------------------------
/DarkRATv2/img/tasks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/tasks.png
--------------------------------------------------------------------------------
/DarkRATv2/img/useragent.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/DarkRATv2/img/useragent.png
--------------------------------------------------------------------------------
/Korpze/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/Korpze/README.md
--------------------------------------------------------------------------------
/Latrodectus/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/Latrodectus/README.md
--------------------------------------------------------------------------------
/LockBit/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/LockBit/README.md
--------------------------------------------------------------------------------
/Prometei/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/Prometei/README.md
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/README.md
--------------------------------------------------------------------------------
/Zeus/Zeus.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/Zeus/Zeus.pdf
--------------------------------------------------------------------------------
/_DNS/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/_DNS/README.md
--------------------------------------------------------------------------------
/_Honeypot/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/_Honeypot/README.md
--------------------------------------------------------------------------------
/_IoT/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/_IoT/README.md
--------------------------------------------------------------------------------
/_UPX/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/albertzsigovits/malware-writeups/HEAD/_UPX/README.md
--------------------------------------------------------------------------------