Summary This is part of a series of binary analysis reviews of malware used (or created) by the MuddyWater threat group. MuddyWater may also be known as ATK51, Boggy Serpens, COBALT ULSTER, Earth Veta...
How Rust’s Ownership Model Affects Malware Reverse Engineering
Summary As Rust gains popularity for systems programming, threat actors have started adopting it for malware development — from ransomware (BlackCat/ALPHV) to cross-platform backdoors (RustBucket)....
Reverse Engineering With C++ STL Types
Summary When reversing C++ binaries, recognizing STL types like std::string, std::vector, and std::shared_ptr can make your analysis significantly more readable. However, IDA Pro does not natively ...
Using Syscall Tables in IDA Pro for Linux Reverse Engineering
Summary When reverse engineering Linux binaries, especially statically linked or stripped ELF files, understanding system calls is essential. Linux binaries often invoke syscalls directly via int 0...
Rust Malware
Summary Rust has quickly emerged as a popular language for malware development. Threat actors are adopting Rust to create cross-platform, highly optimized malware that can evade traditional detecti...
IDA Pro plugins (2025)
Summary Coming into the new year I did a personal review of plugins and frameworks that I currently use. There are also some that I am in the process of experimenting with as I may be able to appl...
Beavertail and InvisibleFerret malware
Summary FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary that almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...
Decoding Ebury Malware SSH Commands
Summary The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...
Extracting out DarkGate malware from MSI
Summary According to malpedia, DarkGate malware is: “A commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) ...
Golang Reverse Engineering Tips
Summary The following document is a collection of information I discovered while reverse engineering Golang binaries. This is specific to the context of malware and generally speaking, stripped bi...