Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructur...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1027 — Obfuscated Files or Information (Defense Evasion)
Clear filter11 articles found
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
UAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed...
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign that uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy c...
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code...
Vidar Stealer Campaign Evades EDR to Steal Credentials
A new Vidar Stealer campaign is abusing trusted tools, multi‑stage loaders, and heavy obfuscation to bypass EDR visibility and steal credentials from infecte...
New Infostealer Campaign Abuses GitHub Releases to Hide Malware Payloads
A new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation com...
Deep#Door Python Backdoor Evades Detection On Windows
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
The Cost of Understanding: LLM-Driven Reverse Engineering vs Iterative LLM Obfuscation
Elastic Security Labs explores the ongoing arms race between LLM-driven reverse engineering and obfuscation.
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered
Simplifying MBA obfuscation with CoBRA
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and sof...