As OT networks continue to become more accessible to threat actors of all motivations, security threats that have historically impacted primarily IT are becoming more commonplace.

Attackers are distributing malware using a technique that abuses the URL schema.

We release ironstrings, a new IDAPython script to recover stackstrings from malware.

A suspected Turla Team operation distributing a reconnaissance utility and backdoor to malware victims in Ukraine.

We detail UNC2975 campaigns that leveraged malicious advertisements to deliver backdoor malware.

We present StringSifter, a utility that identifies and prioritizes strings according to their relevance for malware analysis.

We observed campaigns distributing a new, previously unreported variant of the popular banking malware, URSNIF.

We introduce the Speakeasy, a framework that enables emulation of malware samples at scale in the easiest way possible.

MESSAGETAP is a new malware family used by APT41 that is designed to monitor SMS traffic.

Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivered and executed by malicious binaries and documents. Of malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell to download another executable and run it.