jm33_ng

Introduction

This article is not just about analysing a malware sample, it's more about sharing my malware analysis methodology in general, and the sample I used has some interesting characteristics that make it a good candidate for demonstration.

The sample is from a Chinese APT group known as RedDelta. The …

View comments.

I was called to handle an incident in which a malicious IP address is accessed each time the system boots. They couldn't find out what process is making the connection.

Using one of the BCC eBPF tools called tcpconnect.py, I was able to locate the malicious process that's disguised …

View comments.