Malware Analysis Reports

Author: Jarosław Jedynak

malware_types:rat malware_types:dropper source_tag:analysis source_tag:xworm source_tag:malwarestory source_tag:malware

EvilBamboo Targets Mobile Devices in Multi-year Campaign

2023-09-22

Author: Callum Roxan, Paul Rascagneres, Thomas Lancaster

platforms:android platforms:ios

Unpacking what's packed: DotRunPeX analysis

2023-09-18

Author: Jarosław Jedynak

techniques:phishing techniques:unpacking malware_types:dropper source_tag:analysis source_tag:malware source_tag:agenttesla source_tag:dotrunpex

Charming Kitten Updates POWERSTAR with an InterPlanetary Twist

2023-06-28

Author: Ankur Saini, Charlie Gardner

techniques:phishing

Malspam campaign delivering PowerDash – a tiny PowerShell backdoor

2023-05-09

Author: Michał Praszmo

file_types:powershell malware_types:backdoor source_tag:analysis source_tag:malware

The LockBit ransomware (kinda) comes for macOS

2023-04-16

Author: Patrick Wardle

malware_types:ransomware file_types:dll file_types:zip platforms:linux file_types:txt file_types:dat architecture:arm file_types:python file_types:json file_types:mach-o

Ironing out (the macOS) details of a Smooth Operator (Part II)

2023-04-01

Author: Patrick Wardle

architecture:x86_64 file_types:so architecture:x64 file_types:xml file_types:json platforms:macos file_types:mach-o debugger:lldb file_types:dylib techniques:anti-analysis

3CX Supply Chain Compromise Leads to ICONIC Incident

2023-03-30

Author: Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagneres, Steven Adair, Thomas Lancaster

malware_types:loader

Ironing out (the macOS) details of a Smooth Operator (Part I)

2023-03-29

Author: Patrick Wardle

file_types:dll architecture:arm malware_types:loader architecture:x86_64 file_types:so architecture:x64 platforms:macos file_types:mach-o debugger:lldb techniques:anti-analysis

A tale of Phobos - how we almost cracked a ransomware using CUDA

2023-02-23

Author: Jarosław Jedynak

malware_types:ransomware file_types:so techniques:decryptor source_tag:analysis source_tag:malware

Where there is love, there is ...malware?

2023-02-14

Author: Patrick Wardle

architecture:x86_64 file_types:so file_types:php malware_types:backdoor techniques:persistence file_types:xml platforms:macos file_types:mach-o debugger:lldb disassembler:hopper

The Mac Malware of 2022

2023-01-01

Author: Patrick Wardle

malware_types:ransomware file_types:zip platforms:linux malware_types:loader architecture:x86_64 file_types:python file_types:javascript file_types:mach-o techniques:malware analysis tools cve:cve-2019-8526

How Shlayer Hides its Configuration

2022-12-27

Author: Taha Karim

file_types:html file_types:python file_types:macho malware_types:downloader file_types:bash malware_types:trojan file_types:xml platforms:macos file_types:mach-o malware_types:adware

₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware

2022-12-01

Author: Callum Roxan, Paul Rascagneres, Robert Jan Mora

file_types:dll techniques:side-loading

Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925

2022-08-10

Author: Volexity Threat Research

cve:cve-2022-27925

SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”

2022-07-28

Author: Paul Rascagneres, Thomas Lancaster, Volexity Threat Research

DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach

2022-06-15

Author: Steven Adair, Thomas Lancaster, Volexity Threat Research

malware_types:backdoor techniques:persistence malware_types:zero-day

SeaFlower 藏海花

2022-06-13

Author: Taha Karim

file_types:html file_types:so malware_types:backdoor file_types:javascript techniques:hooking platforms:macos platforms:ios file_types:mach-o debugger:lldb file_types:objective-c

From The DPRK With Love

2022-05-09