LukeAcha.com logo LukeAcha.comMalware Analysis & Detection Research

LukeAcha.com

SolarMarker Malware

SolarMarker / Jupyter research, SEO poisoning delivery, PowerShell behavior, and infostealer indicators.

SolarMarker Malware Research

Research notes related to SolarMarker / Jupyter activity, including SEO poisoning delivery, PowerShell behavior, infostealer components, infrastructure, and detection opportunities.

The first analysis of SolarMarker publically came from Morphisec, not long after Luke Acha provided a blog with some additional details, and provided some of the first YARA rules and Extraction Tools.

Research Focus

  • SEO poisoning and delivery

    Analysis focus includes search-result abuse, fake documents, installer chains, lure content, and distribution patterns.

  • PowerShell and payload behavior

    Tracking execution chains, script behavior, staged payloads, persistence, and artifacts associated with SolarMarker activity.

  • Infostealer indicators

    Useful hunting areas include file paths, command lines, network endpoints, process relationships, registry changes, and related host artifacts.

  • Related blog posts

    SolarMarker and Jupyter-related writeups can be found through the blog label page.

    View SolarMarker posts on the blog

Related Tags

SolarMarkerJupyterInfostealerSEO PoisoningPowerShellIOCs

Blog