Geeks for your information Security Security Vendors G Data G DATA Security Blog v
Analysis: Server-side polymorphism & PowerShell backdoors
Analysis: Server-side polymorphism & PowerShell backdoors
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,235
Threads: 10,300
Thanks Received: 9,358 in 7,504 posts
Thanks Given: 10,336
Joined: 12 September 18
#1
Bug  23 July 19, 10:45
Quote:
[Image: G_DATA_Blog_Powershell_Illu_Header.jpg]

Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.

Last year, we blogged about the Rozena malware and how this backdoor incorporated PowerShell to execute its shellcode. However, malware authors are not sticking to the same script, constantly modifying and updating their attack methods. This time we’ve observed a new malware that used server-side polymorphism to hide its payload, which is a backdoor that is fully written in PowerShell.
Continue Reading
[-] The following 2 users say Thank You to harlan4096 for this post:
  • ismail, jasonX
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Kaspersky\VPN\KSOS 21.26 (MR26) & KES 14...
harlan4096 — 11:58
Adobe Acrobat Reader DC 2026.001.21483
Adobe Acrobat Read...harlan4096 — 11:56
Microsoft Edge 147.0.3912.86
Version 147.0.3912...harlan4096 — 11:55
AMD EXPO 1.2 now available, adds partial...
1usmus reveals AMD...harlan4096 — 11:40
Microsoft Rolls Out Windows Update to Re...
Microsoft is rolli...harlan4096 — 11:36

[-]
Birthdays
Today's Birthdays
avatar (51)steakelask
avatar (45)Termoplenka
Upcoming Birthdays
avatar (51)Toligo

[-]
Online Staff
There are no staff members currently online.

>