malware

No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch

07 June 2025 - Posted in Threat Analyze by Jok3r

Background: Linux malware is a rare example that can be encountered within an environment during its functional process. This presents a real challenge for beginners attempting malware analysis [...] Read more

Achieving Persistence for Harmful Code on Specific Devices

18 April 2025 - Posted in Other by Jok3r

Background: Some modern devices hold significant importance to attackers in the current threat landscape, especially mobile devices. The techniques used vary depending on the operating system [...] Read more

Exfiltrating Data via Images and Why trained Models Aren’t Ready for Malware Core Integration

12 April 2025 - Posted in Other by Jok3r

Background: Today’s cybersecurity landscape is full of different malware families, and one notable type is infostealers. Infostealers operate by executing a payload on the victim’s machine, [...] Read more

The Evolution of Malware Infection Chains: Analysis of Multiplication and Complexity Over the Years

01 March 2025 - Posted in Other by Jok3r

Background: In a perfect scenario, before malware is executed on a victim's machine, it must go through several stages and specialists. First, a core malware function writer develops its primary [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

26 January 2025 - Posted in Threat Analyze by Jok3r

Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

22 January 2025 - Posted in Threat Analyze by Jok3r

Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more

Weaponizing Trust: The Fight Against Signed Malicious Code

25 November 2024 - Posted in Other by Jok3r

Background: During the MITRE ATT&CK Initial Access stage (T1199), attackers often impersonate trusted sources to gain a foothold in the target environment. By originating their activities from [...] Read more

From Interviews to Infections: The Dangerous Trend of Cybercriminals in Job Recruitment

02 November 2024 - Posted in Threat Analyze by Jok3r

Background: Over the years, the tactics, techniques, and procedures (TTPs) of attackers have evolved significantly. Recently, APT groups have used new methods that have also been adopted by average [...] Read more

Aligning Malware Analysis Stages with the MITRE ATT&CK Framework: A Unified Approach to Threat Detection and Response

22 August 2024 - Posted in Incident Response by Jok3r

Background: In incident response, knowing how to analyze malware is crucial. Relying only on sandboxes to study malware behavior often isn't enough. Sandboxes might miss important details that could [...] Read more

Mastering Browser Extensions: Key Strategies for Effective Analysis and Threat Prevention

17 August 2024 - Posted in Threat Analyze by Jok3r

Background: In today’s digital landscape, browser extensions are immensely popular for automating tasks and enhancing productivity. Millions of users rely on these tools to streamline their [...] Read more