Simplifying MBA obfuscation with CoBRA
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and sof...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1027 — Obfuscated Files or Information (Defense Evasion)
Clear filter8 articles found
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examine...
XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command‑and‑control (C2) traffic behind layers of e...
DeepLoad Malware Uses ClickFix and AI Evasion to Hit Enterprise Networks
New “DeepLoad” malware is turning a single user click into fileless, credential‑stealing persistence inside enterprise networks, leveraging the ClickFix tech...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger ...
Fraud Investigation Reveals Sophisticated Python Malware
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages