Unpacking KiwiStealer: Diving into BITTER APTβs Malware
Learn about KiwiStealer capabilities and malware analysis of how it exfiltrates data via HTTP POST requests.
Our threat research team details KiwiStealer's capabilities and a malware analysis of how it exfiltrates data via HTTP POST requests in our latest blog: blog.pulsedive.com/unpacking-ki...
13.08.2025 17:06 β π 0 π 0 π¬ 0 π 0
Ransomch.at - a dive into ransomware negotiations
Community Resource Share: "Ransomch(.)at"
ransomch.at
A collection of real-world ransomware negotiations in support of analysis, data-driven insights, and industry collaboration.
The existing collection of chats from 23 ransomware brands so far include:
Akira
BlackBasta
Conti
Hive
Lockbit
REvil
09.06.2025 15:46 β π 1 π 0 π¬ 0 π 0
Albabat 2.0.0 Decoded: A Config-Driven Design
This blog analyzes Albabat ransomware, exploring its config file, executed ransomware commands, and ransom note.
Newest threat research blog out now: Albabat 2.0.0 Decoded
We dig into Albabat's config file, executed ransomware commands, and ransom note.
Read: blog.pulsedive.com/albabat-2-0-...
16.05.2025 17:49 β π 0 π 0 π¬ 0 π 0
Just added 1.4K+ IOCs related to phishing kit Oriental Gudgeon, primarily targeting Japanese financial services cos.
Investigate shared properties & attributes:
pulsedive.com/threat/Orien...
Explore IOCs: pulsedive.com/explore/?q=t...
Credit to the urlscan team: urlscan.io/blog/2025/05...
12.05.2025 18:19 β π 0 π 0 π¬ 0 π 0
Learn more:
US DOJ Release: www.justice.gov/opa/pr/justi...
Threat Profile: pulsedive.com/threat/Earth...
31.03.2025 18:31 β π 0 π 0 π¬ 0 π 0
In March, the US DOJ unsealed an indictment against 12 Chinese nationals for involvement in global espionage operations, including 8 i-Soon employees. Operations were related to and some attacks attributed to Earth Lusca, also known as FishMonger and Aquatic Panda, amongst other aliases.
31.03.2025 18:31 β π 0 π 0 π¬ 1 π 0
Related Threats: Hellcat & Morpheus
pulsedive.com/threat/Hellc...
pulsedive.com/threat/Morph...
- Recent growth in activity for both RaaS brands
- Identical payloads suggest shared codebase
- Differing victims and contact details
24.03.2025 15:55 β π 0 π 0 π¬ 0 π 0
This analysis covers the three known mechanisms for delivery (including PPT, Twitter, Google Ads lures) as well as the complete intrusion chain.
21.03.2025 15:27 β π 0 π 0 π¬ 0 π 0
Rilide: An Information Stealing Browser Extension
Learn about the information stealing browser extension Rilide, its delivery methods, and intrusion chain.
New analysis of Rilide delivery methods and intrusion chain out now: blog.pulsedive.com/rilide-an-in...
First reported in April 2023, Rilide is an information stealer masquerading as a browser extension targeting Chromium-based browsers.
21.03.2025 15:25 β π 0 π 0 π¬ 1 π 0
LinkedIn
This link will take you to a page thatβs not on LinkedIn
Community Share: "Black Basta Chat Leak - Organization & Infrastructure" by Cyber_0leg / Cybercrime Diaries
www.cybercrimediaries.com/post/black-b...
This blog examines exposed details of Black Basta, including its leadership hierarchies, business model, and technical infrastructure.
07.03.2025 18:16 β π 0 π 0 π¬ 0 π 0
New research on the PolarEdge botnet:
- Targeting edge devices (Cisco, QNAP, Synology, ASUS)
- Active since at least Q4 2023
- Compromised 2K+ unique IP addresses
- Report and analysis by Sekoia.io: lnkd.in/g4Wfi2Vt
- Pulsedive profile: pulsedive.com/threat/Polar...
05.03.2025 15:55 β π 0 π 0 π¬ 0 π 0
Compromised Browser Extensions - Jan 2025 | Pulsedive Blog
Learn how threat actors leverage browser extensions as an attack vector, including examples for Cyberhaven and GraphQL Network Inspector.
Browser extensions are commonly used, but present a significant security risk as a growing threat vector.
Our newest blog looks at examples from January 2025, including Cyberhaven and GraphQL Network Inspector, to discuss how threat actors compromise extensions.
blog.pulsedive.com/compromised-...
25.02.2025 17:21 β π 1 π 1 π¬ 0 π 0
Our guide includes how to install and use Assemblyline, an example walkthrough, and helpful resources.
07.01.2025 18:27 β π 0 π 0 π¬ 0 π 0
The tool is ideal for blue teams, CTI researchers, and IR professionals looking to automate and streamline malware samples processing. It is especially helpful for security teams handling large volumes of malware and seeking a scalable, customizable solution for efficient triage.
07.01.2025 18:26 β π 0 π 0 π¬ 1 π 0
30.12.2024 16:52 β π 0 π 0 π¬ 0 π 0
Pulsedive Blog | 2024 In Review
A rewind of the year across the threat landscape and at Pulsedive.
Our recap of 2024:
- Key exploited vulnerabilities
- Top malware
- Outages
- Law enforcement actions
- Looking ahead to 2025
Read: blog.pulsedive.com/2024-in-revi...
30.12.2024 16:48 β π 1 π 1 π¬ 1 π 0
just pushed an update to @pulsedive.com, should improve scan performance and Analyze bulk scan hangs.
10.12.2024 00:15 β π 2 π 2 π¬ 0 π 0
With 3 weeks left in 2024, we wanted to thank you for all you do in the security community.
So we're hosting a year-end sticker giveaway through Dec. 21- no purchase necessary.
To participate:
- Like this post π
- Fill out: forms.gle/nxLQQxNtRahS...
09.12.2024 16:59 β π 3 π 2 π¬ 0 π 0
