geumlandininsomniacs

Volatility 3 — Downloading Windows Symbols for Volatility 3 on Air-gapped Machines
Those who do or have done memory analysis before will most likely have heard of Volatility, and are most likely using it for your…
Jan 28, 2021

Part 1: Evora vs Elise — The Twins
If you have read my last post, you will know that I am studying samples of Evora. At the start, it was for the purpose of learning…
Mar 5, 2020

Confusing naming convention
In the report, it is mentioned that the newly dubbed Sagerunex malware is an evolution of a Billbug tool known as Evora. As part of my…
Jan 20, 2020

On 27 March 2019, we noticed a Twitter post by ClearSky Cyber Security on having a sample named…
It is said to use template injection for loading a macro from 167.99.72[.]82, which then drops an unknown DLL backdoor (MD5…
Jun 24, 2019