Intelligence Reports
// AUTHORED BY 0x_OLYMPUS
Technical Analysis: UpCrypter Loader Delivering XWorm V5.6 RAT Targeting Brazilian Users
Full chain analysis of a multi-stage campaign delivering XWorm V5.6 via a .NET loader (UpCrypter) disguised as an NF-e lure, with complete static and dynamic analysis and config extraction.
Technical Analysis: XWorm v5.6 JavaScript Dropper → Fileless Loader Chain
Multi-stage malware infection chain delivering XWorm RAT v5.6 using a JavaScript dropper masquerading as a PDF document.
Technical Analysis: EvilSoul1337 Stealer-as-a-Service
Dissecting a Node.js-based Stealer-as-a-Service (SaaS) platform utilizing Electron, Discord Webhooks, and WebSocket C2s targeting gamers.
Active Phishing & PIX Fraud Operation Impersonating Brazilian DETRAN
Impersonation of Brazilian DETRAN (Department of Motor Vehicles).
Technical Analysis: CS2 Fake Cheat Ransomware
A deep dive into a .NET ransomware distributed as a Counter-Strike 2 'Mod Menu' targeting Brazilian gamers.
Technical Analysis: WhatsApp Web Automation Worm
Investigation of a Python-based stage that hijacks browser sessions to automate mass malware dissemination via WhatsApp Web.
Malware Campaign: LNK + MSBuild abuse targeting Brazil
Analysis of a campaign distributing malware via .LNK files disguised as DANFE/CFDI invoices, abusing MSBuild to execute fileless payloads.
Investigation: Critical IDOR in PIX Payment Gateway
Analysis of a mass phishing campaign mimicking the Postal Service that revealed a massive IDOR in a payment processor, exposing PII and enabling fraud.