Seeker(李标明)

About Me

Hello World, I'm Seeker(李标明) @clibm079

Independent Malware Analyst & Researcher | Author of The Path of Clarity (ebook).

Here, These titles represent my research in the malware analysis field. For more details, please visit my blog.

All content is provided strictly for educational and defensive purposes.

E-Book

• The Path of Clarity

Latest Research

• Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset.
• Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset.
• Uroboros Revisited: Tracing PatchGuard-Evasive Techniques Beyond SSDT Hooking.
• SSDT Hooking: A Personal Walkthrough of Kernel-Mode Intrigue (Uroboros Echoes).
• From SSDT to IDT: A Personal Walkthrough of Kernel-Mode Intrigue (Uroboros Echoes).
• The Evolution of APT36’s Crimson RAT: Tracking Variants and Feature Expansion Over the Years.
• XWorm Unmasked: Weaponizing Script Obfuscation and Modern Evasion Techniques.
• The New Face of PowerShell: Ransomware Powered by PowerShell-Based Attacks.
• The Art of Evasion: How Attackers Use VBScript and PowerShell in the Obfuscation Game.
• The Art of Deception: A Deep Dive into Advanced Trojan-Dropper Obfuscation and Their True Intentions.
• Unmasking the Threat: Understanding Sophisticated Trojan-Dropper Mechanisms.
• AsyncRAT in Action: UAC-0173’s Latest Advanced Antivirus Detection & Evasion Techniques.
• Akira Ransomware Expands to Linux: the attacking abilities and strategies.
• Deobfuscating APT28’s HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer Obfuscation.
• Unveiling APT28’s Advanced Obfuscated Loader and HTA Trojan: A Deep Dive with x32dbg Debugging.
• APT44’s ASPX web shell leverages obfuscation techniques and firewall rule manipulation to evade detection.
• APT Silver Fox is using a stock investment decoy and undocumented Windows API functions to evade detection.
• The ransom group d0glun, is it hidden threat or just for fun?.
• GreenSpot APT phishing campaigns with fake 163.com login analysis.
• The North Korean nation-state APT43 Kimsuky used the PowerShell forceCopy to conduct spear-phishing analysis.
• Rapperbot how to improve and expand its ability based on an early version static analysis.
• Rapperbot static analysis for ARM architecture, the other variants to do a DDoS attack on Chinese AI startup DeepSeek.
• HailBot analysis, the other variants to do a DDoS attack on Chinese AI startup DeepSeek.
• Mirai botnet among different instruction sets: x86, ARM, PPC, and MIPS with static analysis.
• APT42 phishing campaigns and malicious code like soldiers hiding deep in the jungle.
• FunkSec Ransomware and Rust Reverse Analysis.
• Mirai: An IoT DDoS Botnet How To Protect and Disguise Itself As Aggressive Attacker Analysis.
• Botnet continue to exploit vulnerabilities and FICORA botnet analysis.
• Botnet continue to exploit vulnerabilities and CAPSAICIN botnet analysis.
• BotenaGo Malware Targets Multiple Routers with 30+ Exploit Functions and Go Reversing Analysis.
• CoinMiner embedded lots of vulnerabilities to exploit.
• Hive ransomware command-line parameters analysis.
• Unveiling Gelsemium’s (毒狼草) Linux backdoor WolfsBane.
• APT32 poisoning GitHub to target Chinese cybersecurity professionals and malware analysis.

Contact

X/Twitter: @clibm079