While monitoring new threats, I came across an interesting ISO image (ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5) uploaded to VirusTotal from Taiwan on May 20, 2025. The ISO c...

On April 22, 2025, MalwareHunterTeam shared a hash for a low detection Linux ELF with 2 hard-coded IP addresses: 43.159.18[.]135 and 119.42.148[.]187. Upon review of the executable (ea41b2bf1064efc...

On April 18, 2025, I came across an interesting LNK file uploaded from Taiwan (f4bb263eb03240c1d779a00e1e39d3374c93d909d358691ca5386387d06be472), which I subsequently found had been initially disco...

On March 20, 2025, MalwareHunterTeam shared a sample of a ZIP file containing an LNK, uploaded from Cambodia: The ZIP file is named CNP_MFA_Meeting_Documents.zip. It contains an LNK file named M...

On February 22, 2025, MalwareHunterTeam shared a DLL uploaded from Taiwan with hash 1286aa5c73cf2c8058c52271869a5727d71ca5bd4dd0854be970d2a25cb52bf8 The DLL was uploaded from Taiwan on February ...

On January 27, 2025, @smica83 shared a sample on X indicating that it looked like Lazarus malware. I reviewed the sample and concluded that, indeed, it is a North Korean backdoor, likely the latest...

On January 15, 2025, a file named DH-Report76.pdf.lnk was uploaded to VirusTotal. The LNK file was likely being delivered to victims from army-mil[.]zapto.org. Parsing the LNK file, we can see t...

On December 28, 2024, @tayvano_ shared a great thread on X describing activity consistent with what is typically known as the “Contagious Interview” campaign conducted by North Korea-nexus threat a...

I rarely deal with malicious browser extensions, however, they are likely to become increasingly relevant in the future. It is commonly said that “the browser is the new OS”, so it only makes sense...

On December 20, 2024, a Microsoft Management Console (MSC) file named “Invitation Letter.msc” was uploaded from Thailand to VirusTotal. File name: Invitation Letter.msc Hash: 5b18f8b379cb3294...