UNPACME (@unpacme)'s Twitter Profile
UNPACME

@unpacme

An automated malware unpacking service from OpenAnalysis Inc.

ID: 1011722310171099136

https://www.unpac.me
26-06-2018 21:26:10

171 Tweet

3,3K Followers

2 Following

LoaderInsightAgency (@lia_intel)

Thanks to UnpacMe we're able to provide data enrichment straight in the LIA interface 🫡 Detections are shown in the payload/task views and search results. This also includes UnpacMe community rule detections.

Expect more enrichments and search capabilities soon 🤙

UNPACME 🤝

UNPACME (@unpacme)

We’re seeing an increase in submissions this morning, so analysis may take a bit longer than usual. We’re actively monitoring and implementing some optimizations to improve analysis times. 🔨

UNPACME (@unpacme)

We've pushed some updates to better process corrupted PE files. This can be common in tools such as #CobaltStrike and some packers that can store data within the header. If you see any samples that fail to process please let us know ⚒️ Happy Hunting!

UNPACME (@unpacme)

UNPACME 8.5.0 is live!

⚡️ MalwareID - a blazing-fast mode for quickly identifying and extracting malware configurations.
🔎 New Pivots and Improved Search
💾 Updated DiE Interface & Rules
🚀 Yara Hunt Improvements

blog.unpac.me/2024/09/08/mal…

herrcore (@herrcore)

Is this a new stealer technique or just something flying under the radar 🤔
- Open browser in kiosk mode (no escape)
- Force user to enter Google creds
- Steal them from the browser!

cc UNPACME LoaderInsightAgency research.openanalysis.net/credflusher/ki…

BruCON (@brucon)

Can't join #BruCON0x10 this year? No worries, as always we will stream all talks brucon.org/2024/streaming/ and upload them to our YouTube channel youtube.com/@brucontalks the same day! #HackingForBeer

UNPACME (@unpacme)

🦺We’re seeing some processing issues that may impact overall analysis time. We’re looking into it and expect to have it resolved shortly.

LoaderInsightAgency (@lia_intel)

Payload statistics from September 2024 📊 We observed 752 tasks distributed by threat actors across the tracked botnets. This resulted in 3841 unique payloads.

Top families:
1. #StealC
2. #Amadey
3. #SmokeLoader
4. #VidarStealer
5. #Tofsee

Unpacking and detection: UNPACME

LoaderInsightAgency (@lia_intel)

Using collected intelligence, we correlated Vidar build IDs with loader task data and linked the threat actor to a Lumma Stealer campaign.

Botnet identifiers are searchable in LIA and are crucial to creating a big-picture analysis.

insights.loaderinsight.agency/posts/vidar-bu…
#Vidar #Lumma #Stealer

UNPACME (@unpacme)

We’re performing maintenance over the next few hours. The service may experience intermittent issues during this time. 🔨🦺

UNPACME (@unpacme)

UNPACME 8.7.0 Malicious Python analysis, AI safety, binary signature hunting, and much more! blog.unpac.me/2025/02/05/unp…

Squiblydoo (@squiblydooblog)

.UNPACME has generously enabled Cert Central to find more abused code-signing certs using their platform. We'll benefit greatly from their analysis of files.

Cert Central also now supports submitting files that are on unpacme; i.e., providing a hash on the submission form.

UNPACME (@unpacme)

Malware Trends: Yearly 2024 📊 We have crunched the data for 2024 public UnpacMe submissions and we have some interesting stats to share… blog.unpac.me/2025/02/20/mal…

LoaderInsightAgency (@lia_intel)

On May 1st LIA turned 1 year 🥳🎂 

The first official task was from an Amadey botnet to download & execute Lumma Stealer: loaderinsight.agency/?p=task_view&f…

LIA has since received >9300 tasks from botnets, netting 51327 payloads.

Big thanks to everyone who has contributed to the project!

herrcore (@herrcore)

Using the UnpacMe byte-search IDA plugin we found some Scavenger related malware dating back to October 2024. At the time the malware was dubbed ExoTickler.

Analysis follows...

LoaderInsightAgency (@lia_intel)

Payload statistics from July 2025 📊
We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads.

Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #NirSoftNirCmd
5. #QuasarRAT

Unpacking & detection: UNPACME