
CTI

2024

CloudChat Cashes Out: Who Needs a C2 Anyways
macOS Infostealers Malware RE CTI YARA Binary Ninja
The CloudChat infostealer returns, worse in almost every way, except that now the second stage is encrypted! Yippee!
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
macOS Malware RE CTI AMOS Infostealer
A recent infostealer campaign using fake Homebrew websites to deliver Cuckoo and AtomicStealer.
The Secrets of XProtectRemediator
Binary Ninja Malware RE CTI YARA macOS
A primer on macOS security internals and reverse engineering macOS’ XProtectRemediators to extract ‘secret’ YARA rules!

2023

Revisiting Lazarus' Operation Intercept
Lazarus Malware RE CTI North Korea macOS
An analysis of a multi-stage macOS implant which shares a large number of commonalities with Lazarus’ Operation In(ter)ception.

2022

Lazarus Using Leaked Hacking Team Tooling
Lazarus Malware RE CTI North Korea
A quick analysis of a Lazarus sample which makes use of Hacking Team tools from the 2017 leak.