Malware Headliners: Emotet
Emotet is a banking trojan that topped the list for most widely seen malware in 2021. Similar to some of my previous posts, Emotet is...
Malware and DFIR Research
Welcome to Atomic Matryoshka, a cybersecurity blog dedicated to malware reversing, digital forensics, and incident response. Check out the latest content and feel free to share with the greater community.
Explore
Search
Indicators of Compromise (IOCs) List from Analyzed Samples
Living list of IOCs identified for all samples analyzed and published
Malware Headliners: Qakbot
Learn how to dissect Qakbot malware as we analyze one of the latest versions found in the wild
Malware Headliners: Dridex
Dridex is a banking trojan that has plagued the cyberverse for years. Check out this post for some initial malware analysis.
"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer
Dynamic analysis involves running a binary and observing its behavior in a controlled environment. This can be of significant benefit...
"Cracking Open the Malware Piñata" Series: Intro to Static Analysis with Kazy Trojan
Static analysis, put concisely, is getting information from a specimen without actually executing/detonating it. While it is less...
"Cracking Open the Malware Piñata" Series: Analysis Environment Setup
In recent weeks I've spent a good amount of time delving into a topic that truly fascinates me, and that's malware reverse engineering....
AutoRun Malware: Why your computer is summoning dark lords after you plugged in that parking lot USB
For the last three weeks you've overheard your coworkers go on and on about the MMORPG they've been playing online. Curiosity starts...
Pesky Persistence: How "Turning It Off and On Again" May Not Solve Your Problem
Anyone that uses a computer has heard the old "have you tried turning it off and on again" as a solution to experiencing issues;...
Hacking the Brain: The Psychology of Phishing and Social Engineering
We hear it regularly in workplace trainings and general reporting: watch out for phishing emails and don't click on those links! Some...
Process Injection: Malware Lurking in the Shadows of Legitimate Programs (Part 2)
In part 1 of this series, we delved into a basic understanding of what process injection is and the different mechanisms by which it can...
Process Injection: Malware Lurking in the Shadows of Legitimate Programs (Part 1)
It's a Saturday afternoon, you're tinkering with your computer, and a random curiosity happens to pique your interest. You start taking a...
Malicious C2 Domains: How to stomp a moving target
It's rare to find single-stage malware that is powerful, tailored, and effective on a particular target. How do attackers retain control...
Web Shells: The Hacker's Pearl in a Sea of Networked Environments
In this blog post, we break down what a web shell is and why it poses a risk to a digital environment, review a recent event involving...
Windows Authentication Bypass via Accessibility Binaries
We've probably all encountered the frustrating moment of trying to login to your computer after a brief hiatus from work or school, to ...
RANSOMWARE: WHAT IS IT AND WHY HAS IT TAKEN CYBERSPACE BY STORM?
Unfortunately there is no rarity in daily news reporting on a new corporate victim of ransomware. The general population is most privy to...
BASIC SECURITY LOG ANALYSIS ON WINDOWS
Security log analysis is helpful and effective on Windows when it comes to characterizing activity involving user accounts, remote access...
CONTACT
