Travis Mathison

MuddyWater Fooder Malware

Summary: This is part of a series of binary analysis reviews of malware used (or created) by the MuddyWater threat group. MuddyWater may also be known as ATK51, Boggy Serpens, COBALT ULSTER, Earth Veta...

Seylaran Information Stealer malware

Summary: The threat actor lures victims into sites that host what looks like a new game to play or test. The victims download game installers that are infected with information stealing malware. Th...

Kimwolf botnet

Summary: Kimwolf is a new Android-based DDoS botnet that emerged in late 2025 as a variant or offshoot of the infamous Aisuru botnet. It primarily targets Android TV devices (TV boxes, smart TVs, se...

How Rust’s Ownership Model Affects Malware Reverse Engineering

Summary: As Rust gains popularity for systems programming, threat actors have started adopting it for malware development — from ransomware (BlackCat/ALPHV) to cross-platform backdoors (RustBucket)....

Reverse Engineering With C++ STL Types

Summary: When reversing C++ binaries, recognizing STL types like std::string, std::vector, and std::shared_ptr can make your analysis significantly more readable. However, IDA Pro does not natively ...

Using Syscall Tables in IDA Pro for Linux Reverse Engineering

Summary: When reverse engineering Linux binaries, especially statically linked or stripped ELF files, understanding system calls is essential. Linux binaries often invoke syscalls directly via int 0...

Rust Malware

Summary: Rust has quickly emerged as a popular language for malware development. Threat actors are adopting Rust to create cross-platform, highly optimized malware that can evade traditional detecti...

IDA Pro plugins (2025)

Summary: Coming into the new year I did a personal review of plugins and frameworks that I currently use. There are also some that I am in the process of experimenting with as I may be able to appl...

Beavertail and InvisibleFerret malware

Summary: FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary that almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...

Decoding Ebury Malware SSH Commands

Summary: The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...