Archives of malware reversing blogs written by me
August 01, 2022 Technical Analysis of Industrial Spy Ransomware
February 20, 2022 Malware delivered via Microsoft Teams
April 14, 2021 A look at HydroJiin campaign
September 29, 2020 Spear Phishing Campaign Delivers Buer & Bazar
- [PDF] https://www.zscaler.com/blogs/security-research/spear-phishing-campaign-delivers-buer-and-bazar-malware
August 24, 2020 LinkedIn Job Seeker Phishing Campaign Spreads Agent Tesla
- [PDF] https://www.zscaler.com/blogs/security-research/linkedin-job-seeker-phishing-campaign-spreads-agent-tesla
June 19, 2020 Targeted Attack Leverages India-China Border Dispute to Lure Victims
June 11, 2020 The Return of the Higaisa APT
April 09, 2020 TrickBot Emerges with a Few New Tricks
January 16, 2020 FTCODE Ransomware — New Version Includes Stealing Capabilities
- [PDF] https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includes-stealing-capabilities
October 30, 2019 Emotet is back in action after a short break
April 24, 2019 NovaLoader, yet another Brazilian banking malware family
- [PDF] https://www.zscaler.com/blogs/research/novaloader-yet-another-brazilian-banking-malware-family
August 16, 2018 Anti-Coinminer Mining Campaign
July 12, 2018 Cryptominers and stealers – malware edition
March 30, 2018 njRAT pushes Lime ransomware and Bitcoin wallet stealer
- [PDF] https://www.zscaler.com/blogs/research/njrat-pushes-lime-ransomware-and-crypto-wallet-grabbers
December 18, 2017 Malicious Chrome Extension Steals Cookies and Credentials of Bank Customers
- [PDF] https://www.zscaler.com/blogs/research/malicious-chrome-extension-steals-cookies-and-credentials-bank-customers
August 31, 2017 Cobian RAT – A backdoored RAT
November 21, 2016 A look at recent Stampado ransomware variant
September 16, 2016 iSpy Keylogger
October 18, 2013 Necurs DGA
- [PDF] Link Not available - Never released in public
October 10, 2013 Necurs C&C - Part 2
- [PDF] Link Not available - Moved from Norman website to Bluecoat to Symantec to Removed
September 10, 2013 Necurs - C&C Domains Non-censorable 3
- [PDF] Link Not available - Moved from Norman website to Bluecoat to Symantec to Removed
August 2, 2013 Necurs Revisited!
- [PDF] Link Not available - Never released in public