Archive - Anchored Narratives on Threat Intelligence and Geopolitics

Course Review - TrainSec Malware Analysis and Development

Digging deeper into Windows malware development with Pavel Yosifovich and Uriel Kosayev.

Feb 3 •

August 2024

Reversing DISGOMOJI with Malcat like a BOSS

A review of a binary analysis platform for threat analysts and reversers

Aug 18, 2024 •

January 2023

The Trojan solved the Bhima Koregaon case!

How proper file, malware, and memory forensics techniques were able to catch the ModifiedElephant threat actor planting incriminating evidence on…

Jan 15, 2023 •

February 2022

The Trojan did it defence is real!

A historical deep dive in planting digital evidence by nation-state actors to incriminate political opponents.

Feb 13, 2022 •

Course Review - Zero2Automated Advanced Malware Analysis Course

The OSCP experience for reversing malware. Try harder!

Feb 12, 2022 •

October 2021

Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.

A case study into a threat actor that is likely originating from Pakistan which is leveraging CrimsonRat and malicious documents to control their…

Oct 13, 2021 •

July 2021

Course Review - Kaspersky Targeted Malware Reverse Engineering

Getting to know real-life APT malefactors, miss IDA and APT's by members of the Global Research and Analysis (GReAT) team - And a Q&A with the course…

Jul 13, 2021 •

Geopolitical nation-state threat actor overview June 2021

Tracking nation-state apt actors, like Desert Viper, OceanLotus, APT34, APT41, and TransparentTribe in areas with high geopolitical tensions via Twitter…

Jul 2, 2021 •

June 2021

Geopolitical nation-state threat actor overview May 2021

Tracking nation-state apt actors, like Desert Viper, SideWinder, Bitter, and TransparentTribe in areas with high geopolitical tensions via Twitter…

Jun 5, 2021 •

May 2021

Tracking StrongPity with Yara

Alleged Turkish nation-state actor keeps infecting victims with trojanized software

May 24, 2021 •

All your xor'ed data are belongs to us

Deriving plaintext from ciphertext only

May 16, 2021 •

Did China’s PLA Unit 61419 purchase foreign Antivirus Products for Exploitation?

A review of another disputed threat intelligence story

May 10, 2021 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts