UltimaCybr

Unlocking Lockton Ransomware

Be careful where you leave your keys

Posted on August 29, 2024

Yes… I’ve reused/reworded parts of my last post for this one because who doesn’t like to be “efficient” [Read More]
Tags:
AkitaCrypt

More bark, less bite?

Posted on August 22, 2024

A new ransomware threat has emerged, targeting Linux systems and written in the Rust programming language. [Read More]
Tags:
- linux
- malware
- reverse engineering
- akitacrypt
- rust
Sysrv Back

Now with updated obfuscation

Posted on March 24, 2024

The other day I stumbled across a nice summarised article by @herrcore regarding a new variant of Sysrv which caught my attention (especially given my previous post). Now, the article by @herrcore focussed on the Windows variant of the loader which deploys an interesting technique for retrieving the payload in... [Read More]
Tags:
- golang
- linux
- malware
- reverse engineering
- sysrv
- windows
Linux Malware Lab 101 - P1

Practical Tips for Building a Controlled Linux Test Environment

Posted on February 23, 2024

Introduction [Read More]
Tags:
Not Another Coin Miner

The Exposed Vuln Catches The Worm

Posted on October 4, 2023

Recently, I’ve investigated a couple of coin mining cases which stood out a little differently to the usual ones I see. For one, the miner had been deleted and no config was present on disk. In one instance, a suspicious cronjob was removed and the suspicious random named process killed.... [Read More]
Tags: