Malware Research

17 Jul 2025 07:40

any.run - I registered using my personal email
Malware Bazaar - I also used my personal Twitter

Malware Research

17 Jul 2025 03:49

greetings fellas, I know i asked this question in the past, which malware sample site allows for samples to be downloaded on a free tier

Malware Research

16 Jul 2025 23:31

For who got the freq 4 macOS malware research, chk it out:
https://0xf00sec.github.io/0x22

Malware Research

16 Jul 2025 21:15

Is there any job in malware analysis?

Malware Research

16 Jul 2025 20:28

can you also check mine, I use only my own words and dont care about giving backstory just straight up writing what it does
https://basicacc.github.io/malware_analysis/MassLogger/7e3317f91f7d8e570800045ca8ba7e2ff136e0ea3621ed1deca8b7763b45f624.html
this is latest one I analyzed a few weeks before i dont remember honestly. is this alright or I need to be more formal

Malware Research

16 Jul 2025 19:21

Did you also use AI to write this too 😭 (just a joke no offence)

Malware Research

16 Jul 2025 10:04

I like the concept, but it feels really heavy on the LLM part

Malware Research

16 Jul 2025 07:47

Hello Alla, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

15 Jul 2025 17:17

generic detections work OK

paid Thor (by Nextron Systems) probably can detect more variants of it, but its generic rules should catch it pretty fine

if unsure, generate your own shells and run Thor against your system

Malware Research

15 Jul 2025 10:41

You would most likely be blocked by most

Malware Research

15 Jul 2025 10:37

From what I see, it's the same as the open source

Malware Research

15 Jul 2025 10:13

New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Rajesh R
User ID: 1269238954
Reason: no maldev

Malware Research

15 Jul 2025 09:19

I've never heard of bypassing malware development courses

Malware Research

14 Jul 2025 23:31

Hello everyone , any ideas how to open guidedhacking its not open for me

Malware Research

14 Jul 2025 13:37

Guys need a support in downloading godzilla webshells plz

5E54E53E70C0E3193BB9C48479F874D01338A1A8
B4B0EC3DD208D9FC27B7F6A6DBBE7B69CA275200

Malware Research

17 Jul 2025 03:49

that does not need some sorta of clearance

Malware Research

17 Jul 2025 01:27

I am completely lost after it mentions "mark of the web"

I don't think it flows very well.

Another example - it installs the legit homebrew. But I'm not seeing where that's being explained, how it happens, what leads to that

I didn't read the entire article since it's too confusing to read

One last thing, one IOC (cfocares) is mentioned to be potentially malicious. So it wasn't analyzed prior to being added as an IOC?

Malware Research

16 Jul 2025 21:41

Alright, thank you so much for feedback, will work on it. ❤️

Malware Research

16 Jul 2025 21:08

The flow seems clear, and you describe what you do. I think it will be clearer if you focus more on the formatting. Add headers, create paragraphs with a single focus, rather than lengthy ones which cover multiple topics. Nice work!

Malware Research

16 Jul 2025 20:18

I think the blog's "soul" is missing because of it. It may contain the details, but it reads as if it it is slop, because its AI slop

Malware Research

16 Jul 2025 14:42

Yeah! the wordings were churned down through LLM.

Malware Research

16 Jul 2025 10:00

Hey there! I recently wrote a blog on Medium. "Dissecting a macOS Malware Campaign."
https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc

Malware Research

15 Jul 2025 17:17

if free Thor doesn't detect it, it shouldn't be that hard to write your rules for detection. you can use their community rules and build on it, and perhaps contribute to it

Malware Research

15 Jul 2025 17:11

I really don't know why you insist on it

since it's open source, you can download and play with the tool and generate webshells of your liking

lab example - https://blog.csdn.net/zibery/article/details/124824833

someone experimenting it - https://www.cnblogs.com/smileleooo/p/18178347

please use Google Translate or whatever translation tools that you like

one more hint - you will note that cnblogs.com webshell contents are identical to VT's version, so it only means one thing...

there are also English writeups on it, though not on how to use it (I don't know why), but given that detection teams are capable of generating detections, that would mean you don't need the specific webshell, but the tool that generates it

and with that, you can come up with all kinds of combos for experimentation and generate the various use cases for detection, threat hunting, threat intelligence, etc

Malware Research

15 Jul 2025 10:39

anyone coded or uses a port 25 email validator

Malware Research

15 Jul 2025 10:29

not able to find with this hash .. i need a help with these 2 customized versions only

Malware Research

15 Jul 2025 10:11

New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Jinja jinja
User ID: 7040505425
Reason: no trading spam

Malware Research

14 Jul 2025 23:31

I believe they block most of the countries

Malware Research

14 Jul 2025 15:53

the webshell is open source

Malware Research

13 Jul 2025 11:16

Forgot to share my latest blog for my employer here! It dives into automagic reverse engineering, based on symbol recovery using Ghidra, scripts, LLMs, and knowledge from the community!

Link: https://www.trellix.com/blogs/research/automagic-reverse-engineering/