Unknown TA targeting Russia
Introduction → This post analyzes a multi-stage campaign that targets the Russian MoD, FSB and other government-based institutions. The campaign, observed throughout 2025, uses a Rust-built PE...
Introduction → Increasingly, malware authors are leveraging legitimate digital signatures to evade detection and raise user trust. Recently, I analyzed a backdoor sample that also uses a valid dig...
Introduction → I was going through different process injection techniques on MITRE ATT&CK and noticed that some were barely documented. Thought it’d be a good idea to dig into them and write...
Introduction Emmy’s Tweet → While browsing for new samples to analyze, I came across this tweet from Emmy, and it caught my attention since most of the samples he posts are DPRK-based. The replie...
Introduction After a short break, I’m back with something new—today, we’re diving into a ransomware sample that a friend sent my way. To be honest, this is my first time reversing a ransomware samp...
Introduction Gamaredon APT Threat Actors be like → Gamaredon APT, also known as Primitive Bear, is a cyber espionage group linked to Russian intelligence, active since 2013. Their attacks primari...
Introduction Kimsuky - Shadow of Cyber Espionage → A sample was tweeted by our lovable malwrhunterteam with the tags being pointed out to Kimsuky 😍 and it was irresistible for us to have a look ...
Introduction Recently, while browsing Bazaar, I saw a JS file uploaded and it piqued my interest again. Since we analysed a JS dropper based in Brazil in the last blog, I thought it would be a nice id...
Introduction While browsing Bazaar, I stumbled upon a JavaScript sample that piqued my interest, as I’ve never analyzed one before. Like any curious mind, I downloaded the sample, and it turned out...
Introduction Kimsuky Waiting Period Have you ever wondered how an APT evolves its tactics over time? Today, we embark on a new series exploring this question, where we look at how the Kimsuky APT ...