#malcat
0.9.13 is out: MacOS port, MCP server and dark mode Malcat version 0.9.13 is out! In this release, we have added 3 features that were asked a lot: a MacOS port of Malcat, an integrated MCP server for LLMs to analyse malware with malcat and finally a pr...

We're happy to announce that #malcat 0.9.13 is out!
You'll find a new Apple-silicon MacOS port, two integrated MCP servers (in-GUI + headless) for automated triage and an improved interface:
malcat.fr/blog/0913-is...

0.9.12 is out: Python 3.14, PYC and .NET stack analysis Malcat version 0.9.12 is out! This time we have focused on python and dotnet disassembly, with a new stack analysis that should improve their disassembly listing readability. We have also added suppor...

#malcat 0.9.12 is out!

Enjoy .pyc and .net stack analysis, py 3.14 support, nuitka / inno 6.7 / .net singlefile bundle parsers and many other improvements:

malcat.fr/blog/0912-is...

100DaysofYARA/Squiblydoo/Day9.yara at main · Squiblydoo/100DaysofYARA Rules shared by the community from 100 Days of YARA 2026 - Squiblydoo/100DaysofYARA

These scripts are deceptive as they contain 10,000 empty lines. BTW #malcat loads scripts like these better than most text editors.

If I get the chance, I may revise it to see how to find ones without the matching text or if you have ideas, hmu.

github.com/Squiblydo...
3/3


#Malcat tip:

#Kesakode can be useful even when facing unknown/packed samples. Check "Show UNK" and focus on unique code and strings.

Here is a simple downloader:

0.9.11 is out: ARM and MachO analysis Malcat version 0.9.11 is out! With this release, Malcat is now able to analyse MacOS programs. That means: addition of Armv7, Armv8 and Aarch64 disassemblers and decompilers as well as MachO, DMG and...

#Malcat version 0.9.11 has been released, with support for ARM and Mach-O program analysis.
More details below:
malcat.fr/blog/0911-is...


#Malcat tip #10: analysing backdoored clean software can be hard.
A quick win is to pivot around known constants, thanks to Malcat's 400k+ constants DB (here a #Tropidoor dlder):

Malcat : First Steps

First steps with #malcat? Here is a tutorial video, courtesy of @invokereversing.bsky.social:
www.youtube.com/watch?v=gqES...


You can now check your strings in #malcat against an online library of #Malpedia FLOSSed strings. Just copy this plugin:

github.com/malpedia/mal...

0.9.10 is out: CFG recovery, MIPS & UI improvements Malcat version 0.9.10 is out! In this release, we have improved Malcat's CFG recovery algorithm and compared its performances against other reversing software. A new CPU architecture (MIPS) has also b...

#Malcat 0.9.10 is out! State-of-the-art CFG recovery, MIPS disassembler & decompiler and many UI improvements;

malcat.fr/blog/0910-is...


I will always love you
#mal #malcat #sugarpants #cats #cat #captainmalcolmreynolds #captainmal #rip #rainbowbridge


In the next version of #malcat, we will include an _offline_ smaller #kesakode database which will only contain conflict-free malware signatures.

This will be fast and run with every analysis. You can always get the full deal (clean + lib) afterwards with an online query.


You'll soon be able to export #Malcat views to files:
● Summary report as HTML + SVG
● Proximity & call graph views as SVG or PNG
● Struct/hex/disasm views as HTML
● Strings, symbols, intel, kesakode and other views as CSV


Unsigned FUD "Electrum-USDT" drops a signed binary signed by "Netzsh Scientific Instruments TRADING(Shanghai) Ltd."

Images:
Report to issuer with more explanation about sus activity
#malcat flagging PowerShell
attrib +h / bitsadmin-transfer in installer
anyrun_app anti-analysis indicators
