
Tracking an evolving Discord-based RAT family
RL's research team analyzed four STD Group-operated RATs, which yielded file indicators to better detect the malware, plus two YARA rules.

Principal Malware Researcher at ReversingLabs. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, Botconf, and DerbyCon, among others.


ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.

Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.

One of the core tenets of computer science is code reuse.

Tearing Down HWP Files To Expose a Trojan

YARA is a useful member of the toolset of researchers, threat hunters, incident responders, and many other defenders.