GuLoader: Peering Into a Shellcode-based Downloader | CrowdStrike
In this blog, we cover all things GuLoader – a new malware family – including its main shellcode, anti-analysis techniques and final payload delivery mechanism.
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
GitHub - unipacker/unipacker: Automatic and platform-independent unpacker for Windows binaries based on emulation
GitHub - dhondta/awesome-executable-packing: A curated list of awesome resources related to executable packing
GitHub - dnSpyEx/dnSpy: Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.
mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.
Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading - VMware Security Blog - VMware
At the beginning of April, Carbon Black Threat Research began analyzing a malware variant commonly referred to as Red Leaves, which appears to have code reuse from the PlugX family. During the last month, this malware family has been referenced in several security blogs and government