Background:
Sometimes during daily cases we see suspicious detections on Linux machines whose file hashes do not appear on popular platforms, and we do not have sandbox licenses. To resolve [...] Read more
Background:
Linux malware is a comparatively rare find in an environment during normal operations. This presents a real challenge for beginners attempting malware analysis [...] Read more
Background:
Some modern devices hold significant importance to attackers in the current threat landscape, especially mobile devices. The techniques used vary depending on the operating system [...] Read more
Background:
Today’s cybersecurity landscape is full of different malware families, and one notable type is infostealers. Infostealers operate by executing a payload on the victim’s machine, [...] Read more
Background:
In a perfect scenario, before malware is executed on a victim's machine, it must go through several stages and specialists. First, a core malware function writer develops its primary [...] Read more
Background:
From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more
Background:
In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more
Background:
During the MITRE ATT&CK Initial Access stage, attackers often abuse trusted relationships (T1199) by impersonating trusted sources to gain a foothold in the target environment. By originating their activities from [...] Read more
Background:
Over the years, the tactics, techniques, and procedures (TTPs) of attackers have evolved significantly. Recently, APT groups have used new methods that have also been adopted by average [...] Read more
Background:
In incident response, knowing how to analyze malware is crucial. Relying only on sandboxes to study malware behavior often isn't enough. Sandboxes might miss important details that could [...] Read more