Gamaredon APT - Shortcut to Espionage
Introduction Gamaredon APT Threat Actors be like → Gamaredon APT, also known as Primitive Bear, is a cyber espionage group linked to Russian intelligence, active since 2013. Their attacks primari...
Introduction Kimsuky - Shadow of Cyber Espionage → A sample was tweeted by our lovable malwrhunterteam with the tags pointing to Kimsuky 😍 and it was irresistible for us to have a look ...
Introduction Recently, while browsing Bazaar, I saw a JS file uploaded and it piqued my interest again. As we analysed a JS dropper based in Brazil in the last blog, I thought it would be a nice id...
Introduction While browsing Bazaar, I stumbled upon a JavaScript sample that piqued my interest, as I’ve never analyzed one before. Like any curious mind, I downloaded the sample, and it turned out...
Introduction Kimsuky Waiting Period Have you ever wondered how the APT evolves its tactics over time? Today, we embark on a new series exploring this question where we look at how the Kimsuky APT ...
Introduction Kimsuky is back !!!! Finally, today we take a look at another Kimsuky sample that was uploaded by our fellow researcher Neo on X. This time, the group set its sights on the Embas...
Introduction Kimsucky ? In my previous blog post, I covered the analysis of a North Korean-based APT group called Kimsuky APT. We examined a malicious PowerShell script which acted as a backdoor...
Introduction In my previous blog post, I covered the analysis of a North Korean-based APT group called Kimsuky APT. We examined a malicious document that utilized a PowerShell scr...
Introduction Banks have historically held a certain allure for the general public, making them frequent targets of physical and digital theft attempts. One prominent example of such malware is th...
Introduction Kimsuky APT (also known as Thallium, Baby Coin, Smoke Screen) is a North Korean cyber-espionage actor involved in attacks targeting South Korean think tanks, Academia/Research, Gove...