Zombieware: Malware That Never Dies... Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds. We investigate this trend, which we refer to as Zombieware.
UnpacMe 8.0.0 – YARA Rule Management, Shared Rules, AV Detects, .NET Analysis, Icons, and Much More Our first big release of 2024 adds a completely redesigned YARA editor with rule versioning, rule management, AV detections, .NET metadata analysis and much more.
Malware Trends: Yearly 2023 Looking back on the past year's public UnpacMe submissions, we have compiled some interesting statistics that provide an overview of the state of malware in 2023. Instead of just counting malware families, we wanted to drill deeper into our data and extract predictive trends that can help us
Weekly Malware Trends This week we saw AgentTesla, SmokeLoader, Redline, StealC, Formbook, and Snake Keylogger as the top submitted malware families.
UnpacMe 7.5.0 - Community Rules, Improved Hunting, Goodware Integration, UnpacMe submissions are now scanned with open source community Yara rules, a new Hunt view can be used to quickly pivot on searchable data, and Goodware labels are automatically applied to unpacked samples.
UnpacMe 7.4.0 – SourceIntel, Go Symbols, Search Filters Results are now enriched with SourceIntel OSINT data, Go samples are now processed with GoReSym symbol recovery, and both Search and Yara results now have customizable results filters.
UnpacMe Weekly: Hunting by Moonlight Updated Yara Hunting to improve scan coverage and lookback, added support for Yara 4.3, and updated support for bloated files.
UnpacMe Weekly: Hunting Improvements & Threat Coverage Updated capa to use the latest version 6.0.0, expanded Goodware corpus for testing Yara rules, and improved byte search performance.
UnpacMe Weekly: New IDA Search Plugin and RisePro on the Rise This week we've launched a new IDA Search Plugin that allows analysts to efficiently search UnpacMe for related samples and overlapping code. The plugin can search through both malware samples and our collection of Goodware files.
UnpacMe Weekly: Malware Analysis at Scale! Last month was somewhat of a milestone for us at UnpacMe as we onboarded our 10,000th user! To celebrate we are introducing a new Boosted plan.