First Lumma Stealer IOC!
Aaron Samala
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
Malware Research
The LandUpdate808 Fake Update Variant
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…
Gootloader Isn’t Broken
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Automating Gootkit Detection with urlscan.io: A Step-by-Step Guide
Learn to automate Gootkit malware detection using urlscan.io. This guide covers the use of urlscan.io's API and Python scripting to efficiently identify and analyze malicious forum loader scripts, enhancing your…
Gootkit Search Term Research
BLUF: This document will cover research into Gootkit search term research as well as research possible verification methods. Intro: Gootkit research depends on having high quality methods to find the…
Indeed Lure Spotted!
I spotted a lure masquerading as an Indeed Career Guide resource (https//666025xyz/erp-terms-of-contract). See below. I found this while working on the Gootkit Crawler project – a project that will generate…
Starting SocGholish Research
In this concise exploration, we delve into the methodology behind tracking and analyzing SocGholish malware. Aimed at both newcomers and seasoned SOC Analysts, the article guides readers through the practical…
Is Gootkit Updating Their C2 Infrastructure?
Discover the latest strategies in cyber warfare with our investigative piece on Gootkit malware's evolving C2 infrastructure. Uncover insights into how the removal of xmlrpc.php signals a new phase in…
Gootkit is broken right now
Are you a SOC Analyst that's observed Gootkit downloads, but no beaconing activity lately? Are you a new or aspiring SOC Analyst that wants to perform your own research (and…