PlugX has been a well-known RAT for the last 5 years, and we have written many blog posts about it. However, there has never been known released builders for this RAT, except the one from Ahnlab which allows the building of very old samples (2011), and another which was discussed in our previous post. Using
Overview Process Hollowing is a common technique used by modern malware to create a process which appears legitimate when viewed in tools such as Task Manager, but whose code has in fact been replaced with malicious content. This post will outline the API calls used in Process Hollowing and will explain how to follow the
This malware report aims at giving a technical analysis of the BadRabbit ransomware using the Orion Malware analysis platform. It gives a technical interpretation of the Orion Malware report and focuses on discussing the similarities and distinctions between BadRabbit and NotPetya’s design and behaviour. What’s the Difference Between Bad Rabbit and NotPetya? BadRabbit is made
In the previous OXID Resolver Part 1 article [1], a way to remotely enumerate the network interfaces on a recent Windows OS machine has been described. This method does not require the knowledge of user credentials and relies on the ServerAlive2() RPC method. The latter is held by the IOXIDResolver interface. This article is dedicated
