Malware Analysis Space – Article Index

· taher · 3 min read · Malware Analysis

The following is a complete index of all published articles on Malware Analysis Space, written by independent malware analyst & researcher Seeker (李标明) / clibm079. All content is provided strictly for educational and defensive purposes.

Revisiting Stuxnet: Research Notes — Technical Analysis and Design Insights into the Loader (May 12, 2026)

Revisiting MoonBounce: Research Notes — Technical Analysis and Design Insights into the DXE Core (Jan 28, 2026)

Revisiting LoJax: Supplementary Analysis and Research Notes (January 2026)

Revisiting LoJax: The First UEFI Rootkit Found in the Wild — Lessons from Firmware-Level Attacks on Modern Platforms (Dec 17, 2025)

PE-bear: The Art of Intuitive Malware Analysis — How Visual Design Turns the ‘First View’ into Actionable Insights for Reverse Engineering (Nov 21, 2025)

Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations — How early VM-based rootkit research shaped modern system defense (Oct 29, 2025)

Regin: Static Analysis of Its Lightweight VFS Abstraction Layer — Polymorphic Kernel Interfaces and I/O Abstraction Layer (Oct 13, 2025)

Design Intent Exposed: Path Deception in nls_933w.dll — How Equation Group Protects the Embedded Driver Resource from Being Released to Physical Disk (Sep 16, 2025)

Poems of Malware Analysis: Shadows in the Stack — Notes from the Binary Jungle (Aug 30, 2025)

Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset (August 2025)

Safeguarding the Self — Reflections Inspired by the Analysis of nls_933w.dll on Safeguarding Energy in Research (August 2025)

The Path of Clarity — Notes from a Stage of Quiet Exploration (Jun 9, 2025)

Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset (May 14, 2025)

Uroboros Revisited: Tracing PatchGuard-Evasive Techniques Beyond SSDT Hooking — A status-based anti-analysis case study on NtProtectVirtualMemory interception in x64 Windows (May 6, 2025)

SSDT Hooking: A Personal Walkthrough of Kernel-Mode Intrigue (Uroboros Echoes)

From SSDT to IDT: A Personal Walkthrough of Kernel-Mode Intrigue (Uroboros Echoes) (Apr 23, 2025)

The Evolution of APT36’s Crimson RAT: Tracking Variants and Feature Expansion Over the Years (Apr 8, 2025)

XWorm Unmasked: Weaponizing Script Obfuscation and Modern Evasion Techniques (Mar 26, 2025)

The Art of Evasion: How Attackers Use VBScript and PowerShell in the Obfuscation Game (Mar 20, 2025)

The Art of Deception: A Deep Dive into Advanced Trojan-Dropper Obfuscation and Their True Intentions (Mar 14, 2025)

Unmasking the Threat: Understanding Sophisticated Trojan-Dropper Mechanisms (Mar 9, 2025)

AsyncRAT in Action: UAC-0173’s Latest Advanced Antivirus Detection & Evasion Techniques (March 2025)

Akira Ransomware Expands to Linux: The Attacking Abilities and Strategies (Mar 7, 2025)

Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging (Feb 25, 2025)

APT44’s ASPX Web Shell Leverages Obfuscation Techniques and Firewall Rule Manipulation to Evade Detection (Feb 22, 2025)

APT Silver Fox is Using a Stock Investment Decoy and Undocumented Windows API Functions to Evade Detection (Feb 20, 2025)

The Ransom Group d0glun: Is It a Hidden Threat or Just for Fun? (Feb 15, 2025)

GreenSpot APT Phishing Campaigns with Fake 163.com Login Analysis (Feb 14, 2025)

The North Korean Nation-State APT43 Kimsuky Used the PowerShell forceCopy to Conduct Spear-Phishing Analysis (Feb 12, 2025)

Deobfuscating APT28’s HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer Obfuscation (February 2025)

Mirai Botnet Among Different Instruction Sets: x86, ARM, PPC, and MIPS with Static Analysis (Jan 31, 2025)

APT42 Phishing Campaigns and Malicious Code Like Soldiers Hiding Deep in the Jungle (Jan 26, 2025)

FunkSec Ransomware and Rust Reverse Analysis (Jan 23, 2025)

Mirai: An IoT DDoS Botnet – How to Protect and Disguise Itself As Aggressive Attacker Analysis (Jan 21, 2025)

Botnet Continue to Exploit Vulnerabilities and FICORA Botnet Analysis (Jan 19, 2025)

Rapperbot: How to Improve and Expand Its Ability Based on an Early Version Static Analysis (January 2025)

Rapperbot Static Analysis for ARM Architecture — The Other Variants to Do a DDoS Attack on Chinese AI Startup DeepSeek (January 2025)

HailBot Analysis — The Other Variants to Do a DDoS Attack on Chinese AI Startup DeepSeek (January 2025)

Botnet Continue to Exploit Vulnerabilities and CAPSAICIN Botnet Analysis (January 2025)

BotenaGo Malware Targets Multiple Routers with 30+ Exploit Functions and Go Reversing Analysis (January 2025)

CoinMiner Embedded Lots of Vulnerabilities to Exploit (January 2025)

Hive Ransomware Command-Line Parameters Analysis (January 2025)

Unveiling Gelsemium’s (毒狼草) Linux Backdoor WolfsBane (January 2025)

APT32 Poisoning GitHub to Target Chinese Cybersecurity Professionals and Malware Analysis (January 2025)