UDURRANI.COM
HOME 
UDURRANI.COM
HOME
EXPLOIT INFO FUN TOOLS MORE ON TOOLS WEBSHELL / FILE DETECTION TOOLS SANDBOX TOOLS MALICIOUS FLOW MALWARE DEVELOPMENT INTRO TO RANSOMWARE RANSOMWARE FLOW MEMORY CORRUPTION / EXPLOIT BAD HASHES :) MY HONEYPOT STATS
RANSOMWARE VIA ASSEMBLIES (SODINOKIBI) LOCKERGOGA ANNABELLE RANSOMWARE 02/22/2018 MATRIX RANSOMWARE [M-PAGE] NEMESIS RANSOMWARE 4/22/2017 GANDCRAB V2.1 RANSOMWARE 4/15/2018 GANDCRAB V3 RANSOMWARE 6/2018 NOTES ON SODINOKIBI VIA EXPLOIT SEKMET RANSOMWARE (QUICK FLOW) AVADDON RANSOMWARE (4/21 QUICK FLOW) WANACRY 5/12/2017 WANACRY NEW VERSION 5/14/2017 HANDLES DLL's WANACRY TRAFFIC PATTERN / SCANNING FOR SMB BLACKSHEEP RANSOMWARE 5/29/2017 SATURN RANSOMWARE 02/20/2018 GLOBE RANSOMWARE (7/2017) CONTI RANSOMWARE (2021) BLACKMATTER RANSOMWARE (2021) LOCKBIT DOUBLE EXTORTION HIVE RANSOMWARE SCARAB RANSOMWARE (3/2018) PETYA / NOT!PETYA RANSOMWARE VARIANT / PETWRAP 6/27/2017 KARO RANSOMWARE VARIANT QUICK LOOK (6/2017) HDDCRYPTOR / MAMBA IS BACK IN KSA (7/2017) BAD RABBIT (10/2017) CRYPTOWALL (Quick Look) DATASTOP RANSOMWARE CRYSIS RANSOMWARE (DYNAMIC VIEW) EMOTET TO RYUK
RYUK RANSOMWARE
VBS-TO-RANSOMWARE
NEFILIM & NETWALKER
WASTEDLOCKER GARMIN (QUICK LOOK)
SHAMOON'S STORY SHAMOON 3 OLYMPIC DESTROYER 02/26/2018 PETYA / NOT!PETYA RANSOMWARE VARIANT / PETWRAP 6/27/2017 SERVER DESTROYER (3/01/2018)
REMOVE-DIRECTORY WIPER
INDO-PAK CONFLICT APT
TRICKBOT
LINUX IOT BOTNET MIRAI BOTNET (cve-2020-5902) ADWARE WITH MKSPico (PUP) FLAWEDAMMY (RAT) MALWARE EXFILTRATING VIA DNS
GREENBUG BACKDOOR GREENBUG BACKDOOR Ver 2 LATERAL MOVEMENT (EASY USING PSEXEC) DATA THEFT NET-SUPPORT RAT REMOTE ADMIN TROJAN (7/30/2018) TARGETED MACRO (SAUDI) 3/23/2017 VBA TROJAN 5/28/2018 EMOTET TROJAN AND USE OF OBFUSCATION 6/17/2018 MULTI SPAWN SVCHOST INJECTION 4/19/2017 MUDDYWATER INFO STEALING / SPOOFING APT32 (FLOW) SUNBURST BACKDOOR DATA EXFILTRATION USING PYTHON PYD HOOK (QuickLook) 5/26/2017 ORANGE WORM DATA THEFT PATTERNS INJECTION VIA EXCEL (QUICK LOOK) FILELESS POWERSHELL MINNING VIRUS BANKING VIRUS / TROJAN DATA THEFT VIA TELEGRAM THE CYBER HEIST (LAZARUS) A RAT'S TALE MULTI-PURPOSE (NextGenMalware) MONERO MINING (Exploit + Malware [Linux & Malware]) CPU-MINING + BOOTKIT JAVA TROJAN (ADWIND) DE-OBFUSCATION AZORULT IOC's PZCHAO APT HOUDINI MSWORD BACKDOOR HIDING BEHIND AN IMAGE F0F50C26AC78E92AD1D76BB4FB0D1447
CLICK TO VIEW ANALYSIS
CLICK TO VIEW ANALYSIS
VBS TO RANSOMWARE
RYUK RANSOMWARE
PZChao
Forensics Tool
Forensics Tool VIDEO (Use cases) Forensics Tool VIDEO (Malware Analysis) Automated Sinkholing Network Profiler (Agent Based) Network Profiler (Agent Based)VIDEO Passive network profiler using 512MB RAM and 1G CPU| INFO | VIDEO LINK | DESC LINK |
|---|---|---|
| Malware Basic Explanation | | - |
| Malware Dropper, Downloader | | |
| Rundll32 to launch reverse shell | | |
| Rundll32 to Open a random Port | | |
| Rundll32 to Launch a light weight web server | | |
| Infect AV with a cryptoLocker | | Simple AV By-pass |
| In-memory Keylogger Bypass AV | | In-memory keylogger |
| Process Hollowing | - | |
| Lateral movement | | Lateral movement?? Easy via PsExec! |
