Poking malware one at a time.
This website is dedicated to malware analysis. Over time I will add pages for tools, resources, and in-depth analysis of malware samples.
Latest from the Blog
The purpose of this blogpost is to document the PowerShell used by Solarmarker. The PowerShell was first observed between Feb 2022 until May 2022 and then resurfaced in September 2022. The goal of this post is to publish information regarding the PowerShell to enable others to identify and understand what the PowerShell is doing. DetectingContinue reading “Solarmarker: The Old is New”
The goal of this post is to document SolarMarker malware as seen between May 2022 and September 2022. This malware is also known under other names (Jupyter Infostealer, YellowCockatoo, Polazert). If you are interested in earlier forms of the malware, check out my previous blog posts. The TLDR on SolarMarker is that it has beenContinue reading “SolarMarker Bloat”
The purpose of this post is to document the new persistence methods used by Solarmarker. The previous persistence methods were used from July 2021 until May 2022 (read about those here, here and here). Whether this persistence is short lived or is used for the next year, it is my desire to make it publiclyContinue reading “Solarmarker: May 2022 Persistence”
Get new content delivered directly to your inbox.