Malware Analysis Reports

file_types:python file_types:elf file_types:so file_types:c techniques:encryption techniques:obfuscation techniques:anti-analysis techniques:string obfuscation debugger:pdb

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

2025-04-22

Author: Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster

techniques:phishing cloud_environments:azure

TCCing is Believing! Apple finally adds TCC events to Endpoint Security!

2025-03-27

Author: Patrick Wardle

file_types:so file_types:c platforms:macos file_types:objective-c

Leaking Passwords (and more!) on macOS

2025-03-20

Author: Noah Gregory

malware_types:ransomware techniques:system calls file_types:so file_types:macho malware_types:backdoor techniques:privilege escalation platforms:macos platforms:ios cve:cve-2024-5447 cve:cve-2024-54471

LummaStealer: More Tricks, More Trouble - Part 2

2025-03-05

file_types:dll file_types:zip file_types:txt techniques:phishing file_types:powershell file_types:exe file_types:html architecture:x64 techniques:obfuscation techniques:anti-analysis

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

2025-02-13

Author: Charlie Gardner, Steven Adair, Tom Lancaster

techniques:phishing

One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1

2025-01-30

file_types:dll techniques:phishing file_types:powershell malware_types:loader file_types:html file_types:python malware_types:virus file_types:javascript techniques:sandbox file_types:iso

The Mac Malware of 2024

2025-01-01

Author: Patrick Wardle

malware_types:ransomware file_types:rar architecture:arm malware_types:loader architecture:x86_64 file_types:python file_types:javascript file_types:mach-o techniques:malware analysis tools file_types:rtf

Restoring Reflective Code Loading on macOS

2024-12-16

Author: Patrick Wardle

malware_types:fileless malware_types:loader file_types:so file_types:go techniques:encryption platforms:windows file_types:cpp platforms:macos file_types:mach-o file_types:dylib

AI Models for Decompiling Assembly Code

2024-11-16

file_types:so file_types:go file_types:c platforms:windows disassembler:ida pro disassembler:ghidra

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

2024-11-15

Author: Callum Roxan, Charlie Gardner, Paul Rascagneres

platforms:windows malware_types:zero-day platforms:ios

The Dark Knight Returns: Joker malware analysis

2024-10-01

CERT.PL

Author: Kacper Ratajczak

platforms:android source_tag:joker source_tag:analysis

Analysis of Evolving Evasion Tradecraft in Commodity Malware and Command-and-Control Frameworks

2024-09-05

file_types:dll techniques:system calls file_types:so malware_types:virus platforms:windows architecture:x64 techniques:hooking techniques:exfiltration

PhysMem(e): When Kernel Drivers Peek into Memory CVE-2024-41498

2024-09-05

file_types:pe file_types:so file_types:go file_types:c platforms:windows disassembler:ida pro debugger:windbg cve:cve-2024-41498

The Hidden Treasures of Crash Reports

2024-08-13

Author: Patrick Wardle

malware_types:ransomware file_types:so file_types:c platforms:windows platforms:macos platforms:ios architecture:arm64

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

2024-08-02

Author: Ankur Saini, Paul Rascagneres, Steven Adair, Thomas Lancaster

platforms:windows platforms:macos

This Meeting Should Have Been an Email

2024-07-15

Author: Patrick Wardle

file_types:zip file_types:exe file_types:html architecture:x86_64 file_types:python malware_types:downloader malware_types:backdoor file_types:javascript platforms:macos file_types:mach-o

Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame

2024-06-24