Posts
2024
CloudChat Cashes Out: Who Needs a C2 Anyways
macOS
Infostealers
Malware
RE
CTI
YARA
Binary Ninja
The CloudChat infostealer returns, worse in almost every way except that now the second stage is encrypted! Yippee!
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
macOS
Malware
RE
CTI
AMOS
Infostealer
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
LightSpy Malware Variant Targeting macOS
macOS
Malware
iOS
APT
RE
Clearing up some misconceptions about the return of LightSpy and an analysis of the macOS version.
The Secrets of XProtectRemediator
Binary Ninja
Malware
RE
CTI
YARA
macOS
A primer on macOS security internals and reverse engineering macOS’ XProtectRemediators to extract ‘secret’ YARA rules!
2023
Revisiting Lazarus' Operation Intercept
Lazarus
Malware
RE
CTI
North Korea
macOS
An analysis of a multi-stage macOS implant which shares a large number of commonalities with Lazarus’ Operation In(ter)ception.
2022
Lazarus Using Leaked Hacking Team Tooling
Lazarus
Malware
RE
CTI
North Korea
A quick analysis of a Lazarus sample which makes use of Hacking Team tools from the 2017 leak.
PizzaCrypt Analysis
Malware
ransomware
.NET
RE
A quick analysis of some fun .NET ransomware with a goofy ransom note.