My name is iossefy. I ♥ open source.

Technical analysis of Remus Stealer, a Windows information stealer, covering its string obfuscation, direct syscalls, and Ethereum-based dead-drop infrastructure for resilient C2 operations.

TeamPCP is a threat actor linked to a coordinated campaign targeting the software supply chain through compromises of widely used open-source projects. The group deployed credential-stealing malware and used techniques such as credential harvesting, Kubernetes lateral movement, and audio steganography to reduce detection. Leveraging stolen credentials, TeamPCP expanded operations across ecosystems like npm and PyPI with a self-propagating malware strain referred to as CanisterWorm.

Technical analysis of a multi-stage JScript dropper delivering Remcos RAT via PowerShell, ConfuserEx obfuscation, process hollowing, and DNS C2.