Thinkbox
Koi Loader Attack Chain Analysis

Overview This post will cover at a high level the attack chain that Koi Loader takes in order to deploy Koi stealer on a system. All artifacts and samples were retrieved from Malware Traffic. Fake Installer Initial Execution Fake Installer Initial access for this sample took form of a digitally
21 May 2025 13 min read
Lockbit 3.0 Analysis
Malware Analysis

30 Mar 2025 17 min read
IcedID Initial Attack Chain Analysis
Malware Analysis

Analysis of the IcedID attack chain all the way to the loading of the core module.
29 May 2023 13 min read
Remote Portable Executable Injection
Malware Development

Classic Remote Process Injection Implementation
24 May 2023 13 min read
Local Portable Executable Injection
Malware Development

Self Injecting a Payload into your own running process.
24 May 2023 6 min read
Reflective DLL Injection
Malware Development

Implementing and detecting Reflective DLL Injection attacks.
24 May 2023 11 min read
Implementing DLL Injection
Malware Development

Writing and Detecting DLL Injection
24 May 2023 6 min read