CryptBot - Too good to be true

March 16, 2022 - Reading time: 13 minutes

CryptBot is an information stealer distributed through fake cracked software. It is an advanced and mature operation that provides many of the underground shops with its stolen credentials.



Colibri Loader - Back to basics

February 13, 2022 - Reading time: 23 minutes

Colibri Loader makes use of common malware techniques but is a new entry into the malware-as-a-service market with some interesting functions.



Campo Loader - Simple but effective

March 30, 2021 - Reading time: 8 minutes

Campo Loader is a simple but effective malware distribution chain that has been used in tandem with BazarCall to spread malware such as TrickBot and BazarLoader.



IXWare - Kids will be skids

October 6, 2020 - Reading time: 17 minutes

IXWare is what happens when inexperienced malware developers create malware-as-a-service. We'll be analysing IXWare and how it's used to attack players of the online video game Roblox.



DiamondFox - Bank Robbers will be replaced

August 10, 2020 - Reading time: 43 minutes

DiamondFox Kettu is the newest addition to the DiamondFox family. In this post, I will be analysing and discussing how it functions, its encryption, and how it achieves its modularity.



MassLogger - Frankenstein's Creation

June 10, 2020 - Reading time: 35 minutes

An in-depth look into a new piece of malware named MassLogger. We’ll look at what functions it has and how they’re achieved, while also describing its control flow and source code.
