UnpacMe Weekly: Hunting by Moonlight Updated Yara Hunting to improve scan coverage and lookback, added support for Yara 4.3, and updated support for bloated files.
UnpacMe Weekly: Hunting Improvements & Threat Coverage Updated capa to use the latest version 6.0.0, expanded Goodware corpus for testing Yara rules, and improved byte search performance.
UnpacMe Weekly: New IDA Search Plugin and RisePro on the Rise This week we've launched a new IDA Search Plugin that allows analysts to efficiently search UnpacMe for related samples and overlapping code. The plugin can search through both malware samples and our collection of Goodware files.
UnpacMe Weekly: Malware Analysis at Scale! Last month was somewhat of a milestone for us at UnpacMe as we onboarded our 10,000th user! To celebrate we are introducing a new Boosted plan.
UnpacMe Weekly: Search Sharing is Caring Searches can now be shared with our new share search URL feature.
UnpacMe Weekly: It's Raining Redline This week we've observed a substantial increase in Redline Stealer submissions. A large number of these are utilizing a hash-busted packer.
UnpacMe Weekly: New variants of in2al5dp3in4er and StrelaStealer We have identified new variants of in2al5dp3in4er (invalid printer) packer being used to distribute Aurora Stealer and Vidar Stealer. These variants were observed to have low AV detection rates.
UnpacMe Weekly: New Version of IcedId Loader This week we've updated coverage for IcedId and an IcedId fork based on a newly observed version.
UnpacMe Weekly: Search Everything This week we've introduced the ability to search for samples using ASCII, wide, and hex-encoded strings. Quickly find related samples and test pattern uniqueness without running a full Yara scan.
UnpacMe Weekly: Large file with Zip Archive Support and Family Updates We have increased the size of submissions from 20MB to 100MB and have added support for zip archives which contain a single executable (PE) file.