Lumma Stealer Delivered via YouTube Videos for Cheats
TL;DR / Summary Up Front ALOHA! This shows how you can take WatchingRac's post, create a profile of the delivery behavior, and search YouTube for slight variations to find other…
Da Samala Tech blogs on malware and stuffs
TL;DR I saw a post on X that inspired me to search Shodan. I found an open directory associated with APT-C-35 (attribution based on file hashes that were listed in…
There’s a 7-Zip-masquerading site that is serving NetSupport RAT. I’ve been monitoring for a new 7-Zip FakeApp for a little over a week. This quick post shows how I became…
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Explore the mysterious allure of USPS templates in countries like Ghana, Cambodia, and Brazil. Discover why official government domains might host these lure articles, and the implications for global cyber…
In this concise exploration, we delve into the methodology behind tracking and analyzing SocGholish malware. Aimed at both newcomers and seasoned SOC Analysts, the article guides readers through the practical…
Discover the latest strategies in cyber warfare with our investigative piece on Gootkit malware's evolving C2 infrastructure. Uncover insights into how the removal of xmlrpc.php signals a new phase in…
Are you a SOC Analyst that's observed Gootkit downloads, but no beaconing activity lately? Are you a new or aspiring SOC Analyst that wants to perform your own research (and…