Skip to main content

CTI

2024

An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
macOS Malware RE CTI AMOS Infostealer
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
The Secrets of XProtectRemediator
Binary Ninja Malware RE CTI YARA macOS
A primer on macOS security internals and reverse engineering macOS’ XProtectRemediators to extract ‘secret’ YARA rules!

2023

Revisiting Lazarus' Operation Intercept
Lazarus Malware RE CTI North Korea macOS
An analysis of a multi-stage macOS implant which shares a large number of commonalities with Lazarus’ Operation In(ter)ception.

2022

Lazarus Using Leaked Hacking Team Tooling
Lazarus Malware RE CTI North Korea
A quick analysis of Lazarus sample which makes use of Hacking Team tools from the 2017 leak.