Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators...
We should always think twice before running an unknown program downloaded from the Internet. Of course not every application is dangerous, but...
Lately the threat actors behind Dridex malware have been very active. Across all the recent Dridex phishing campaigns the technique is the same...
Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. “SystemBC can be purchased...
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging....
Nowadays, more malware developers are using unconventional programming languages to bypass advanced detection systems. The Node.js malware Lu0Bot is a testament to...
An advanced malware downloader named GuLoader has recently been exposed by cybersecurity researchers at CrowdStrike. This advanced downloader has the capability to...
Proofpoint researchers report the detection of a new variant of a remote access Trojan (RAT) characterized by the use of multiple techniques and...
Security researchers from the threat hunting and intelligence company Group-IB have revealed that in 2020, at least two espionage groups from China...
AMIRA is a service for automatically running analysis on OSXCollector output files. The automated analysis is performed via OSXCollector Output...
PEframe is an open-source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware...
A sophisticated Ursnif malware variant uses a manipulated TLS callback anti-analysis technique while injecting into the child process to change the entry point...
A widespread Emotet malware is emerging again with new stealthy capabilities to hijack the Windows API and evade sandbox detection, which also gives...
Our previous post gave an initial overview of the Shamoon 2.0 sample. This analysis is a continuation of our last post...