ALL POSTS
Gootloader's Evasion Tactics: Exploiting Malformed ZIP Files
Key Findings: GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. GootLoader runs on an access-as-a-service model and has been known to deliver threats like SunCrypt, REvil, Kronos, and Cobalt Strike. The ZIP file is intentionally broken so many security and analysis tools can't open it, but Windows can, helping the malware avoid detectio
Jan 18 · 1 min read
Gootloader Malware Employs Massive Concatenated ZIP Archives for Evasion
Key Findings: GootLoader malware is using a malformed ZIP archive with 500-1,000 concatenated ZIP files to evade detection. The malicious ZIP file is designed to trigger parsing errors in many unarchiving tools, but can still be extracted by the default Windows unarchiver. GootLoader employs "hashbusting" techniques by randomizing values in non-critical ZIP file fields to generate unique payloads for each victim. The attack involves delivering the malicious ZIP as an XOR-encoded
Jan 16 · 2 min read
Spy vs. spy: How GenAI is powering defenders and attackers
Key Findings: Adversaries continue to use GenAI with varying levels of reliance, with state-sponsored groups and criminal organizations taking advantage of uncensored and unweighted models. Threat actors are using GenAI for coding, phishing, anti-analysis/evasion, and vulnerability discovery, although significant human involvement is still required. As models continue to shrink and hardware requirements are removed, adversarial access to GenAI and its capabilities are poised
Dec 4, 2025 · 2 min read