#MalwareAnalysis — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

CFF evolved since Mandiant's analysis: .data tables -> stack-based runtime routing. Also identified what CFF protected: exfil paths & COM/WMI init. Scripts + decrypted data (JSON) in our repo. #LummaStealer #malwareanalysis

Cybersecurity News Everyday @TweetThreatNews · 1d

Elastic Security Labs uncovered BRUSHWORM, a modular backdoor spreading via USB and stealing files, and BRUSHLOGGER, an XOR-encoded DLL side-loading keylogger targeting a South Asian financial institution. #MalwareAnalysis #SouthAsia #Backdoor ift.tt/xZcAIzm

Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER

Elastic Security Labs discovered two custom tools deployed against a South Asian financial institution: BRUSHWORM, a modular backdoor that establishes persistence, downloads plugins, spreads via USB,...

From hendryadrian.com

Network Defense Solutions @nds_security · 1d

if anyone is looking for more context on detection, here is the full working application for malicious link analysis: #malwareanalysis #dfir

Scan Malware @scanmalware · 1d

🚫 Web Malware Scan Results Website: mxqunpyx.click Security Verdict: CONFIRMED SCAM Full analysis & details: scanmalware.com/scan/0acba77c-… #InfoSec #MalwareAnalysis #DigitalSecurity #CISControls #GenerativeAI

Security Scan: 登录

✅ Low Risk - https://mxqunpyx.click/

From scanmalware.com

Network Defense Solutions @nds_security · 1d

So lately I've been looking at how malware analysis is actually done, and I think it's time some of the process changes. Once things calm down, I will be posting more tooling that we are developing to help with this process -=] #malwareanalysis #dfir

Scan Malware @scanmalware · 1d

🚫 Web Malware Scan Results Website: thunderinghoovesbloodlines.com Security Verdict: CONFIRMED SCAM Full analysis & details: scanmalware.com/scan/f3125bb9-… #SecurityScanning #MalwareAnalysis #Pentesting #AIForGood

Security Scan: Thundering Hooves: Bloodlines

✅ Low Risk - http://thunderinghoovesbloodlines.com/

From scanmalware.com

Scan Malware @scanmalware · 2d

🚫 Web Malware Scan Results Website: cdn.studenti.stbm.it Security Verdict: CONFIRMED SCAM Full analysis & details: scanmalware.com/scan/37a79493-… #AIThreatDetection #Compliance #MalwareAnalysis

Security Scan: Studenti.it - Aiuto allo studio, Riassunti e

✅ Low Risk - https://cdn.studenti.stbm.it

From scanmalware.com

Batch_7z @batch_7z · 2d

الدرس 10: حسابات الـ C Priorities ➔ فك الـ Obfuscation ++x/x++ ➔ تتبع الـ Registers والـ Loops % ➔ بطل الـ Encryption الـ Logic الصح هو أساس الـ Reverse. الكود والتحليل: batch7z.github.io/posts/10-C-lan… إيه أصعب: معادلة Static ولا Dynamic؟ #Batch_7z #MalwareAnalysis #C_Language

Scan Malware @scanmalware · 3d

🚫 Web Malware Scan Results Website: sr-cdn.azureedge.net Security Verdict: CONFIRMED SCAM Full analysis & details: scanmalware.com/scan/8012aa55-… #OnlineSafety #MalwareAnalysis #Phishing #AIThreatDetection

Security Scan: Log in

✅ Low Risk - https://sr-cdn.azureedge.net

From scanmalware.com

Chandrasekar Rathinam @chandrusecurity · 3d

🔓 ollvm-unflattener breaks OLLVM control flow obfuscation using symbolic execution. • 🧠 Recover real execution paths • ⚡ Speed up reverse engineering Blog link 👉[hackersmail.com/blog/ollvm-unf…] #Infosec #ReverseEngineering #MalwareAnalysisQaL

Vivek | Cybersecurity @VivekIntel · 3d

A VMRay and Iknaio investigation found threat actors using public blockchains like Binance Smart Chain as resilient C2 infrastructure, embedding malicious code on-chain to evade takedowns and highlighting the need for cross-chain threat monitoring. #CyberSecurity #MalwareAnalysis #BSC #ThreatIntel vmray.com/tracing-blockc…

Tracing Blockchain-Controlled Malware Across Chains

Discover how VMRay and Iknaio traced blockchain-based malware C2 infrastructure from BSC to Ethereum exchanges.

From vmray.com

iT4iNT SERVER Pvt Ltd @it4int · 4d

iT4iNT SERVER TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise dlvr.it/TRgn8z VDS VPS Cloud #Cybersecurity #ThreatHunting #MalwareAnalysis #Kubernetes #DevSecOps

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

From thehackernews.com

TechHackDaily @TechHackDaily_ · 4d

PROCESS HOLLOWING EXPLAINED Process hollowing lets malware hide inside a legitimate process. Understand each step to detect it in memory forensics. #MalwareAnalysis #ProcessHollowing #WindowsInternals #DFIR #ThreatHunting

reverseame @reverseame · 5d

Malware Busters! CTF challenge #CloudSecurity #MalwareAnalysis #CTF #ReverseEngineering #CyberChallenge cloudsecuritychampionship.com/challenge/6

The Ultimate Cloud Security Championship | 12 Months × 12 Challenges

Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

From cloudsecuritychampionship.com

471

Pierre Le Bourhis @plebourhis · 5d

Observed updates to #MixLoader (#GCleaner) C2 communication logic since 2026-03-11. The malware has removed its initial phase by removing GET requests to (`/info`, `/update`, `/dll`) and the subsequent encrypted DLL delivery. #MalwareAnalysis #ThreatIntel

2.5K