| 2024-12-23 | Xavier Mertens | Modiloader From Obfuscated Batch File |
| 2024-05-27 | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-01-12 | Xavier Mertens | One File, Two Payloads |
| 2023-11-18 | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader |
| 2023-07-12 | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-06-29 | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-17 | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-09-18 | Tom Webb | Preventing ISO Malware |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-08 | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-08-11 | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2020-10-22 | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2019-12-05 | Jan Kopriva | E-mail from Agent Tesla |
| 2019-07-02 | Xavier Mertens | Malicious Script With Multiple Payloads |
| 2017-02-10 | Brad Duncan | Hancitor/Pony malspam |
