Malware

Updated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations.

A curated list of awesome resources related to executable packing - GitHub - dhondta/awesome-executable-packing: A curated list of awesome resources related to executable packing

The latest version of the BluStealer loader syscalls to bypass EDRs. We break it down and analyze how it works.

Unofficial revival of the well known .NET debugger and assembly editor, dnSpy - GitHub - dnSpyEx/dnSpy: Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.

In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.

Evasion techniques

Windows kernel and user mode emulation. Contribute to mandiant/speakeasy development by creating an account on GitHub.

The FLARE team's open-source tool to identify capabilities in executable files. - mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.

At the beginning of April, Carbon Black Threat Research began analyzing a malware variant commonly referred to as Red Leaves, which appears to have code reuse from the PlugX family. During the last month, this malware family has been referenced in several security blogs and government