Sharmine Low

Malware Analyst, Group-IB (APAC)

As a malware analyst in Group-IB's APAC Threat Intelligence Department, Sharmine is responsible for gathering intelligence about the activities of threat actors and investigating prevalent malware. Her discovery of the Android malware GoldDigger and her blog posts on GoldFactory and Krasue are among her notable research achievements. She has also contributed her expertise to various incident response and cybercrime-related cases.

With over six years of dedicated experience in the cybersecurity domain, Sharmine has excelled in roles spanning threat intelligence, incident response, and security operations across diverse industries.

Blog posts by Sharmine Low

Ransomware
January 28, 2025
Cat’s out of the bag: Lynx Ransomware-as-a-Service
In this blog, we observed how the Lynx Ransomware-as-a-Service (RaaS) group operates, detailing the workflow of their affiliates within the panel, their cross-platform ransomware arsenal, customizable encryption modes, and advanced technical capabilities.
Advanced Persistent Threats
November 13, 2024
Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes
In this blog, we examine a fresh take on techniques for concealing code in extended attributes to evade detection on macOS systems. This is a new technique that has yet to be included in the MITRE ATT&CK framework.
Threat Intelligence
October 17, 2024
Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group
In this blog, we observed how the Cicada3301 Ransomware-as-a-Service (RaaS) group operates, detailing the workflow of their affiliates within the panel and examining the Windows, Linux, ESXi, and PowerPC variants of the ransomware.
Ransomware
September 25, 2024
Inside the Dragon: DragonForce Ransomware Group
In this blog, we look at the DragonForce ransomware group, which poses a severe threat with two variants—a LockBit fork and a customized Conti fork with advanced features and SystemBC malware.
Advanced Persistent Threats
September 4, 2024
APT Lazarus: Eager Crypto Beavers, Video calls and Games
Explore the growing threats posed by the Lazarus Group's financially driven campaign against developers. We examine their recent Python scripts, including the CivetQ and BeaverTail malware variants, along with their updated Windows and Python releases, and analyze their tactics, techniques, and indicators of compromise.
Ransomware
July 3, 2024
Eldorado Ransomware: The New Golden Empire of Cybercrime?
All about Eldorado Ransomware and how its affiliates make their own samples for distribution.
Malware Analysis
February 15, 2024
Face Off: Group-IB identifies first iOS trojan stealing facial recognition data
Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows.
Malware Analysis
December 7, 2023
Curse of the Krasue: New Linux Remote Access Trojan targets Thailand
This piece of malware has an insatiable appetite. Group-IB's Threat Intelligence unit offers their insights on the new RAT used in attacks against Thai companies.