Summary FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...

Summary The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...

Summary According to malpedia, DarkGate malware is: “A commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) ...

Summary The following document is a collection of information I discovered while reverse engineering Golang binaries. This is specific to the context of malware and generally speaking, stripped bi...

Summary I have recently purchased the new Macbook Pro M2 Max 16” as I finally wanted to switch over into the ARM world on the desktop. One of my main concerns was around my focus on reverse engine...

Summary IDA Pro does not always get the disassembly, and pseudo-C decompilation correct. When it has an issue, it can manifest in several ways but one thing you may see is a red error message in t...

Summary In FlareVM you will likely have many versions of Python installed. Not all of these are going to be compatible with IDA Pro and you may need to switch which version IDA Pro is looking at. ...

Hex-Rays tips and tricks to IDA Pro Igor Skochinsky of Hex-Rays presents a new IDA Pro tip every week. This is more of a pointer toward a “season 1” compilation of these tips and to the Hex-Rays b...

Table of Contents Executive Summary Actions leading to a DanaBot secondary payload Visual path of execution What gets dropped? IOC’s Technical Analysis ...

Table of Contents Executive Summary Initial binary Infected binaries MITRE Attack Matrix Indicators of Compromise Threat intel insights Technical Anal...