SolarMarker malware remains was a common threat but nothing has been published or widely shared about the actor’s actions or objectives—until now. Based on original findings from monitoring an infected computer for months, this blog-post discloses—for the first time—the financial fraud carried out by the SolarMarker actor group.
Tag Archives: YellowCockatoo
Impostor Certificates
It is common for malware to be signed with code signing certificates.
How is this possible? Impostors receive the cert directly and sign malware.
In this blog-post, we look at 100 certs used by Solarmarker malware to learn more.
Solarmarker: The Old is New
The purpose of this blogpost is to document the PowerShell used by Solarmarker. The PowerShell was first observed between Feb 2022 until May 2022 and then resurfaced in September 2022. The goal of this post is to publish information regarding the PowerShell to enable others to identify and understand what the PowerShell is doing. DetectingContinue reading “Solarmarker: The Old is New”
SolarMarker Bloat
The goal of this post is to document SolarMarker malware as seen between May 2022 and September 2022. This malware is also known under other names (Jupyter Infostealer, YellowCockatoo, Polazert). If you are interested in earlier forms of the malware, check out my previous blog posts. The TLDR on SolarMarker is that it has beenContinue reading “SolarMarker Bloat”
Squiblydoo.blog 