Recent
CloudChat Cashes Out: Who Needs a C2 Anyways
macOS
Infostealers
Malware
RE
CTI
YARA
Binary Ninja
The CloudChat infostealer returns, worse in almost everyway except that now the second stage is encrypted! Yipee!
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
macOS
Malware
RE
CTI
AMOS
Infostealer
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
The Secrets of XProtectRemediator
Binary Ninja
Malware
RE
CTI
YARA
macOS
A primer on macOS security internals and reverse engineering macOS’ XProtectRemediators to extract ‘secret’ YARA rules!
Revisiting Lazarus' Operation Intercept
Lazarus
Malware
RE
CTI
North Korea
macOS
An analysis of a multi-stage macOS implant which shares a large number of commonalities with Lazarus’ Operation In(ter)ception.
Lazarus Using Leaked Hacking Team Tooling
Lazarus
Malware
RE
CTI
North Korea
A quick analysis of Lazarus sample which makes use of Hacking Team tools from the 2017 leak.