pavolkluka/medium-articles-code

medium-articles-code

Scripts and code from my Medium articles on malware analysis and network traffic analysis.

Directories contain companion scripts for articles that include inline code. Naming convention: YYYY-MM-topic/

Articles

| Directory | Article | Date |
|---|---|---|
| 2026-02-phorpiex-botnet | Phorpiex Twizt Botnet: A Network Traffic Analysis | Feb 2026 |
| 2026-01-lumma-stealer | Network Traffic Analysis: Lumma Stealer & Payload Reconstruction | Jan 2026 |
| 2025-12-stealc-v2-rc4 | Network Traffic Analysis: Analyzing StealC V2 Infostealer with RC4 | Dec 2025 |
| 2025-01-koi-loader-stealer | Network traffic analysis: Koi Loader/Stealer | Jan 2025 |
| 2024-07-formbook-autoit-pdf | I'm going to show you how Formbook is hidden in a PDF file using AutoIt | Jul 2024 |

Other articles (no companion scripts)

| Article | Date |
|---|---|
| Multi-Stage SVG: Analyzing a Colombian Court-Themed Malware Campaign with 0% AV Detection | Dec 2025 |
| Analysis of phishing email message targeting the Vexl community | Jul 2025 |
| Malicious file analysis: Ransomware meeting minutes | Jul 2025 |
| Network Traffic Analysis Exercise: How to Deploy a Fake Authenticatoor | Feb 2025 |
| A quick guide to analysing malicious network traffic | Aug 2024 |
| Greetings to the diplomats from the Konni RAT family! | Aug 2024 |
| RTF document enriched with feature | Jun 2024 |
| Simple example of malicious document analysis | Jun 2024 |

Environment

Scripts are developed on REMnux. Most require Python 3 with standard analysis libraries. See individual README.md files for per-script dependencies.

Support

If you want to support me, you can do so in satoshi. Use the Lightning Network.
