Technical malware analysis and threat intelligence.
·15 min read
SERPENTINE#CLOUD returns: ClickFix lure drops five RATs
·15 min read
Axios npm compromise: XOR dropper to cross-platform RAT
·16 min read
Breaking Aura: five obfuscation layers & hates sandboxes
·11 min read
Pay2Key encryptor: what a January 2026 build reveals
·13 min read
A Sliver dropper that asks GPT-4 for permission
·25 min read
InterLock: full tooling teardown of a ransomware operation
·13 min read
Payload ransomware group: mutex MakeAmericaGreatAgain
·31 min read
HellsUchecker: ClickFix to blockchain-backed backdoor
·12 min read
Tranium wiper: static analysis of a Go binary
·25 min read
GhostWeaver - a malware that lives up to its name
·21 min read
FakeGit: LuaJIT malware distributed via GitHub at scale
·13 min read
OCRFix botnet hides C2 in BNB Smart Chain contracts
·21 min read
Archive.org Stego Delivers Remcos and AsyncRAT
·11 min read
IronChain: A Ransomware That Cannot Decrypt
·19 min read
Python Loader Evolution: Five Encryption Generations
·16 min read
Remcos Banking Fraud via Three AutoIt Persistence Chains
·13 min read
PureCrypter: Reverse Engineering a .NET Loader From the PureCoder Ecosystem
·25 min read
VioletWorm v4.7 (Violet RAT): The Most Dangerous Payload in a 9-RAT Toolkit
·24 min read
PureLogs: Reverse Engineering a .NET RAT From the PureCoder Ecosystem
·13 min read