Poking malware one at a time.


This website is dedicated to malware analysis. Over time I will add pages for tools, resources, and in-depth analysis of malware samples.

Latest from the Blog

Solarmarker: The Old is New

The purpose of this blogpost is to document the PowerShell used by Solarmarker. The PowerShell was first observed between Feb 2022 until May 2022 and then resurfaced in September 2022. The goal of this post is to publish information regarding the PowerShell to enable others to identify and understand what the PowerShell is doing. Detecting…

SolarMarker Bloat

The goal of this post is to document SolarMarker malware as seen between May 2022 and September 2022. This malware is also known under other names (Jupyter Infostealer, YellowCockatoo, Polazert). If you are interested in earlier forms of the malware, check out my previous blog posts. The TLDR on SolarMarker is that it has been…

Solarmarker: May 2022 Persistence

The purpose of this post is to document the new persistence methods used by Solarmarker. The previous persistence methods were used from July 2021 until May 2022 (read about those here, here and here). Whether this persistence is short lived or is used for the next year, it is my desire to make it publicly…

Get new content delivered directly to your inbox.