7-Zip FakeApp Serving NetSupport Rat!
Aaron Samala
There’s a 7-Zip-masquerading site that is serving NetSupport Rat. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
AnyRun
Gootloader Isn’t Broken
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Why is Ghana, Cambodia, and Brazil so interested in USPS Templates?
Explore the mysterious allure of USPS templates in countries like Ghana, Cambodia, and Brazil. Discover why official government domains might host these lure articles, and the implications for global cyber…
Starting SocGholish Research
In this concise exploration, we delve into the methodology behind tracking and analyzing SocGholish malware. Aimed at both newcomers and seasoned SOC Analysts, the article guides readers through the practical…
Is Gootkit Updating Their C2 Infrastructure?
Discover the latest strategies in cyber warfare with our investigative piece on Gootkit malware's evolving C2 infrastructure. Uncover insights into how the removal of xmlrpc.php signals a new phase in…
Gootkit is broken right now
Are you a SOC Analyst that's observed Gootkit downloads, but no beaconing activity lately? Are you a new or aspiring SOC Analyst that wants to perform your own research (and…