64 matches found

Packet Storm News, added 2026/05/20 12:00 a.m., 4 views

A Large Language Model Approach to Generating Bypass Rules for Malware Evasion in Analysis Sandbox

Sandbox evasion remains a critical challenge for automated malware analysis, as modern malware employs environment checks to detect analysis platforms and suppress malicious behavior. Existing approaches rely on manually crafted bypass rules that require deep reverse engineering of each evasion...

AI score: 6. Exploits: 0.
Packet Storm News, added 2026/04/29 12:00 a.m., 8 views

Static Attribution of Android Residential Proxy Malware Using Graph Kernels

Android residential proxy applications represent a growing class of potentially unwanted programs (PUPs) that covertly route third-party traffic through end-user devices, enabling ad fraud, credential abuse, and evasion of geolocation controls by sophisticated threat actors. Attributing an unknown...

AI score: 5.8. Exploits: 0.
GithubExploit, added 2026/03/16 5:11 p.m., 140 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

CVSS: 9.3. AI score: 5.8. EPSS: 0.94354. Exploits: 129.
OSSF Malicious Packages, added 2026/03/12 6:09 p.m., 6 views

Malicious code in spectral-corsair-my-backdoor (npm)

Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm.
-= Per source details. Do not edit below this line. =-
Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353
The packa...

AI score: 5.8. Exploits: 0. References: 3.
OSV, added 2026/03/12 6:09 p.m., 2 views

MAL-2026-1374 Malicious code in spectral-corsair-my-backdoor (npm)

Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm.
-= Per source details. Do not edit below this line. =-
Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353
The packa...

AI score: 5.8. Exploits: 0. References: 3.
EUVD, added 2026/02/28 2:50 a.m., 4 views

EUVD-2026-9078

malcontent: Nested archive extraction failure can drop content from scan inputs...

CVSS: 6.9. AI score: 5.9. EPSS: 0.00036. Exploits: 0. References: 4.
CVE, added 2026/02/27 9:28 p.m., 9 views

CVE-2026-28407

CVE-2026-28407 affects malcontent (software for supply-chain analysis). Prior to version 1.21.0, it could drop or discard nested archives that failed to extract, potentially omitting content from scans. The root cause is the removal of nested archives during processing. Version 1.21.0 fixes the i...

CVSS: 6.9. AI score: 5.9. EPSS: 0.00036. Exploits: 0. References: 3. Affected software: 1.
OSV, added 2026/02/27 9:28 p.m., 4 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unscanned. A better approach is to preserve these archiv...

CVSS: 6.9. AI score: 5.9. EPSS: 0.00036. Exploits: 0. References: 5.
Positive Technologies, added 2026/02/27 12:00 a.m., 4 views

PT-2026-22408

Name of the vulnerable software and affected versions: malcontent versions prior to 1.21.0
Description: malcontent is software designed for identifying supply-chain compromises using context, differential analysis, and YARA. Before version 1.21.0, the software removed nested archives that failed to...

CVSS: 9.9. AI score: 5.9. EPSS: 0.07313. Exploits: 68. References: 141.
CISA, added 2025/12/19 12:00 p.m., 8 views

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples...

AI score: 6.9. Exploits: 0. References: 2.
OSV, added 2025/11/22 12:19 p.m., 2 views

MAL-2025-190621 Malicious code in @eagleview/ev-mapviewer-interactions (npm)

Package is malware. It exfiltrates sensitive info, executes arbitrary code during install, and matches multiple YARA rules.
-= Per source details. Do not edit below this line. =-
Source: amazon-inspector e2d7da79dc7cea55b1c51c17952322ec30f3d03000a7b075252e9f74084a7a06
The package...

AI score: 7.4. Exploits: 0. References: 1.
OSSF Malicious Packages, added 2025/11/22 12:19 p.m., 4 views

Malicious code in @eagleview/ev-mapviewer-interactions (npm)

Package is malware. It exfiltrates sensitive info, executes arbitrary code during install, and matches multiple YARA rules.
-= Per source details. Do not edit below this line. =-
Source: amazon-inspector e2d7da79dc7cea55b1c51c17952322ec30f3d03000a7b075252e9f74084a7a06
The package...

AI score: 7.5. Exploits: 0. References: 1.
Gitee, added 2025/09/13 4:36 a.m., 98 views

security-analytics

This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and detecting threats, which may assist detection engineers, threat hunters,...

AI score: 7.3. Exploits: 0.
Gitee, added 2025/09/13 4:36 a.m., 75 views

threat-detection-as-code

This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. The...

AI score: 7.4. Exploits: 0.
Packet Storm News, added 2025/04/23 12:00 a.m., 3 views

Automatically Generating Rules of Malicious Software Packages Via Large Language Model

Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models (LLMs) to automate rule generation for O...

AI score: 7. Exploits: 0.
Wiz blog, added 2024/07/31 2:13 p.m., 15 views

Introducing pattern-based agentless malware detection using YARA rules

Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team...

AI score: 7.2. Exploits: 0.
The Hacker News, added 2024/03/19 1:55 p.m., 22 views

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively loweri...

AI score: 7. Exploits: 0.
The Hacker News, added 2023/12/13 12:02 p.m., 29 views

How to Analyze Malware's Network Traffic in a Sandbox

Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address the...

AI score: 6.8. Exploits: 0.
GithubExploit, added 2023/12/01 2:46 a.m., 7 views

iocs

It is an offensive tool for threat intelligence. The repository...

AI score: 7.2. Exploits: 0.
Kitploit, added 2023/11/12 11:30 a.m., 91 views

Crawlector - Threat Hunting Framework Designed For Scanning Websites For Malicious Objects

Crawlector (the name is a combination of Crawler and Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note 1: The framework was first presented at the No Hat conference in Bergamo, Italy on October 22nd, 2022 (Slides, YouTube Recording). Also, i...

AI score: 7.1. Exploits: 0. References: 8.