Webshells and MOF
/Discover how little known techniques can take advantage of seemingly normal system processes and files to give attackers a foothold on your network.
Read MoreVM Checking and Detecting
/While this is not a new tactic, it’s interesting to see that some malware authors are still concerned with writing VM resistant code. There is a shift toward avoiding sandbox technology and while this malware does display that activity, it also has broader checks that look for generic evidence of a VM.
Read MoreCurious Korlia
/Given the little amount of public information on Korlia, this made it a good candidate for further research. There isn’t an obvious C2 address called out in strings, although there are some bizarre strings. Depending on luck, those might be actual strings, or code that is being misinterpreted as a string.
Read More