Geeks for your information
Analysis: Server-side polymorphism & PowerShell backdoors

Analysis: Server-side polymorphism & PowerShell backdoors - harlan4096 - 23 July 19

Quote:
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.

Last year, we blogged about the Rozena malware and how this backdoor incorporated PowerShell to execute its shellcode. However, malware authors are not sticking to the same script, constantly modifying and updating their attack methods. This time we’ve observed a new malware that used server-side polymorphism to hide its payload, which is a backdoor that is fully written in PowerShell.