Malware Sakula – Evolutions v1.x (Part 1)
This post follows a paper published by Symantec about a group of attackers known as BlackVine. It describes the technical evolution of the custom-developed RAT Sakula used in campaigns targeting industries such as energy, aerospace and healthcare. By analysing the samples, we see that the code evolves over the years, becoming increasingly well-structured and defensive.