Mustang Panda Targeting Asia
Introduction Emmy’s Tweet → While browsing for new samples to analyze, I came across this tweet from Emmy, and it caught my attention since most of the samples he posts are DPRK-based. The replie...
Introduction After a short break, I’m back with something new—today, we’re diving into a ransomware sample that a friend sent my way. To be honest, this is my first time reversing a ransomware samp...
Introduction Gamaredon APT Threat Actors be like → Gamaredon APT, also known as Primitive Bear, is a cyber espionage group linked to Russian intelligence, active since 2013. Their attacks primari...
Introduction Kimsuky - Shadow of Cyber Espionage → A sample was tweeted by our lovable malwrhunterteam with the tags pointing to Kimsuky 😍 and it was irresistible for us to have a look ...
Introduction Recently, while browsing Bazaar, I saw a JS file uploaded and it piqued my interest again. Since we analysed a JS dropper based in Brazil in the last blog, I thought it would be a nice id...
Introduction While browsing Bazaar, I stumbled upon a JavaScript sample that piqued my interest, as I’ve never analyzed one before. Like any curious mind, I downloaded the sample, and it turned out...
Introduction Kimsuky Waiting Period Have you ever wondered how an APT evolves its tactics over time? Today, we embark on a new series exploring this question, where we look at how the Kimsuky APT ...
Introduction Kimsuky is back !!!! Finally, today we take a look at another Kimsuky sample that was uploaded by our fellow researcher Neo on X. This time, the group set its sights on the Embas...
Introduction Kimsucky ? In my previous blog post, I covered the analysis of a North Korean-based APT group called Kimsucky APT. We examined a malicious PowerShell script which acted as a backdoor...
Introduction Image Credits In my previous blog post, I covered the analysis of a North Korean-based APT group called Kimsucky APT. We examined a malicious document that utilized a PowerShell scr...