Malware Analysis Reports

Author: Callum Roxan, Charlie Gardner, Paul Rascagneres

platforms:windows malware_types:zero-day platforms:ios

The Dark Knight Returns: Joker malware analysis

2024-10-01

CERT.PL

Author: Kacper Ratajczak

platforms:android source_tag:joker source_tag:analysis

Analysis of Evolving Evasion Tradecraft in Commodity Malware and Command-and-Control Frameworks

2024-09-05

file_types:dll techniques:system calls file_types:so malware_types:virus platforms:windows architecture:x64 techniques:hooking techniques:exfiltration

PhysMem(e): When Kernel Drivers Peek into Memory CVE-2024-41498

2024-09-05

file_types:pe file_types:so file_types:go file_types:c platforms:windows disassembler:ida pro debugger:windbg cve:cve-2024-41498

The Hidden Treasures of Crash Reports

2024-08-13

Author: Patrick Wardle

malware_types:ransomware file_types:so file_types:c platforms:windows platforms:macos platforms:ios architecture:arm64

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

2024-08-02

Author: Ankur Saini, Paul Rascagneres, Steven Adair, Thomas Lancaster

platforms:windows platforms:macos

This Meeting Should Have Been an Email

2024-07-15

Author: Patrick Wardle

file_types:zip file_types:exe file_types:html architecture:x86_64 file_types:python malware_types:downloader malware_types:backdoor file_types:javascript platforms:macos file_types:mach-o

Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame

2024-06-24

malware_types:ransomware file_types:dll file_types:pdf malware_types:loader file_types:python file_types:javascript techniques:sandbox platforms:windows server techniques:string obfuscation file_types:msi

MMD-0069-2024 - An old ELF Ransomware pivoted crypto (OpenSSL to PolarSSL) Linux/Encoder.1-2

2024-06-19

MalwareMustDie

Author: unixfreaxjp

file_types:apk malware_types:ransomware file_types:rar file_types:dll file_types:ruby file_types:zip platforms:linux file_types:txt architecture:x86 file_types:pdf

MMD-0068-2024 - "FHAPPI Campaign" (APT10) FreeHosting APT "PSploit" Poison Ivy

2024-06-19

MalwareMustDie

Author: unixfreaxjp

file_types:dll file_types:bin malware_types:rat file_types:dat techniques:system calls techniques:phishing file_types:powershell malware_types:fileless file_types:pe file_types:exe

DISGOMOJI Malware Used to Target Indian Government

2024-06-13

Author: Volexity Threat Research

platforms:linux

Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices

2024-05-15

Author: Volexity Threat Research

malware_types:zero-day cve:cve-2024-3400

Identifying x86_64 ELF Symbols in Stripped Binaries using AI

2024-05-02

file_types:pdf file_types:bin architecture:x86_64 file_types:python file_types:elf file_types:c platforms:debian disassembler:ghidra

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

2024-04-12

Author: Volexity Threat Research

malware_types:zero-day cve:cve-2024-3400

Apple Gets an 'F' for Slicing Apples

2024-02-22

Author: Patrick Wardle

architecture:arm malware_types:loader architecture:x86_64 file_types:so file_types:macho file_types:cpp platforms:macos file_types:mach-o debugger:lldb file_types:dylib

CharmingCypress: Innovating Persistence

2024-02-13

Author: Ankur Saini, Callum Roxan, Charlie Gardner, Damien Cash

techniques:phishing file_types:so techniques:persistence

Ivanti Connect Secure VPN Exploitation: New Observations

2024-01-18

Author: Matthew Meltzer, Sean Koessel, Steven Adair

malware_types:backdoor cve:cve-2024-21887 cve:cve-2023-46805

Why Join The Navy If You Can Be A Pirate?

2024-01-15

Author: Patrick Wardle

file_types:zip file_types:bin architecture:x86_64 malware_types:downloader malware_types:virus techniques:persistence malware_types:trojan file_types:xml platforms:macos file_types:mach-o

Analyzing DPRK's SpectralBlur

2024-01-04

Author: Patrick Wardle

file_types:zip file_types:bin architecture:x86_64 file_types:sh file_types:so malware_types:backdoor techniques:encryption platforms:macos file_types:mach-o debugger:lldb

The Mac Malware of 2023

2024-01-01