<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://filescanio.github.io/</id><title>Threat Labs</title><subtitle>Threat Labs is a threat research team dedicated to uncovering the latest cyber threats focusing on malware analysis, reverse engineering, and cutting-edge detection techniques.</subtitle> <updated>2026-07-17T15:25:04+00:00</updated> <author> <name>FileScan's Threat Labs</name> <uri>https://filescanio.github.io/</uri> </author><link rel="self" type="application/atom+xml" href="https://filescanio.github.io/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://filescanio.github.io/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 FileScan's Threat Labs </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>Inside a Pre-Deployment Syntrix Campaign</title><link href="https://filescanio.github.io/posts/Syntrix-RAT-analysis/" rel="alternate" type="text/html" title="Inside a Pre-Deployment Syntrix Campaign" /><published>2026-05-25T00:00:00+00:00</published> <updated>2026-05-25T00:00:00+00:00</updated> <id>https://filescanio.github.io/posts/Syntrix-RAT-analysis/</id> <content type="text/html" src="https://filescanio.github.io/posts/Syntrix-RAT-analysis/" /> <author> <name>FileScan's Threat Labs</name> </author> <category term="malware-analysis" /> <summary>FileScan.io captured a complete four-stage delivery chain for a Quasar-based RAT before the operator replaced its loopback C2. 0/21 AV detections. Here is what we found.</summary> </entry> <entry><title>Christmas themed attacks are here!</title><link href="https://filescanio.github.io/posts/Christmas-time!/" rel="alternate" type="text/html" title="Christmas themed attacks are here! " /><published>2025-12-19T07:00:00+00:00</published> <updated>2025-12-23T13:49:35+00:00</updated> <id>https://filescanio.github.io/posts/Christmas-time!/</id> <content type="text/html" src="https://filescanio.github.io/posts/Christmas-time!/" /> <author> <name>FileScan's Threat Labs</name> </author> <category term="Research" /> <category term="Malware" /> <category term="Sandbox" /> <category term="Threat Intelligence" /> <summary>OPSWAT discovered a barely documented malware-as-a-service now using opportunistic Christmas themes. This loader framework leverages steganography and several layers in the infection chain before dropping the final payload, commnly commodity RATs.</summary> </entry> <entry><title>Detecting Malware in AI Models with Filescan.io</title><link href="https://filescanio.github.io/posts/Detecting-malware-in-AI-Models-with-Filescanio/" rel="alternate" type="text/html" title="Detecting Malware in AI Models with Filescan.io" /><published>2025-09-24T07:00:00+00:00</published> <updated>2025-09-24T07:00:00+00:00</updated> <id>https://filescanio.github.io/posts/Detecting-malware-in-AI-Models-with-Filescanio/</id> <content type="text/html" src="https://filescanio.github.io/posts/Detecting-malware-in-AI-Models-with-Filescanio/" /> <author> <name>FileScan's Threat Labs</name> </author> <category term="Research" /> <category term="Malware" /> <category term="Sandbox" /> <summary>With the rise of AI adoption, malicious AI models are emerging as a new vector in real-world attack campaigns. This blog explores how threat actors leverage AI to make it become real threats — and how emulation-based sandbox ultilizes pickle scanning tools, disassembly code analysis to deal with these Malicious models and detect advanced evasion techniques used in the wild</summary> </entry> <entry><title>MetaDefender Sandbox and AI: Redefining Threat Detection</title><link href="https://filescanio.github.io/posts/Sandbox-and-AI/" rel="alternate" type="text/html" title="MetaDefender Sandbox and AI: Redefining Threat Detection" /><published>2025-02-21T07:00:00+00:00</published> <updated>2025-03-14T14:04:43+00:00</updated> <id>https://filescanio.github.io/posts/Sandbox-and-AI/</id> <content type="text/html" src="https://filescanio.github.io/posts/Sandbox-and-AI/" /> <author> <name>FileScan's Threat Labs</name> </author> <category term="Sponsored" /> <category term="Sandbox" /> <category term="Threat Intelligence" /> <summary>Discover how AI-powered services enhance our sandbox, enabling advanced detection capabilities. We explore intricate details, showcase real-world cases, and demonstrate how AI-driven features dynamically adapt to evolving threats with precision.</summary> </entry> <entry><title>New JavaSquid Malware Family: Uncovering an Opportunistic Malware Campaign with FileScan.io</title><link href="https://filescanio.github.io/posts/JavaSquid-research/" rel="alternate" type="text/html" title="New JavaSquid Malware Family: Uncovering an Opportunistic Malware Campaign with FileScan.io" /><published>2024-11-11T07:00:00+00:00</published> <updated>2024-11-11T07:00:00+00:00</updated> <id>https://filescanio.github.io/posts/JavaSquid-research/</id> <content type="text/html" src="https://filescanio.github.io/posts/JavaSquid-research/" /> <author> <name>FileScan's Threat Labs</name> </author> <category term="Research" /> <category term="Malware" /> <summary>OPSWAT discovered JavaSquid, a new malware family using fake AI software to infect systems. The campaign, ongoing since mid-July 2024, uses evasive JavaScript techniques and links to previous attacks with stolen digital certificates from Chinese companies. Insights gained have enhanced OPSWAT's MetaDefender Sandbox capabilities.</summary> </entry> </feed>
