Geeks for your information Security Security Vendors G Data G DATA Security Blog v
Analysis: Server-side polymorphism & PowerShell backdoors
Analysis: Server-side polymorphism & PowerShell backdoors
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,016
Threads: 10,210
Thanks Received: 9,321 in 7,467 posts
Thanks Given: 10,260
Joined: 12 September 18
#1
Bug  23 July 19, 10:45
Quote:
[Image: G_DATA_Blog_Powershell_Illu_Header.jpg]

Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.

Last year, we blogged about the Rozena malware and how this backdoor incorporated PowerShell to execute its shellcode. However, malware authors are not sticking to the same script, constantly modifying and updating their attack methods. This time we’ve observed a new malware that used server-side polymorphism to hide its payload, which is a backdoor that is fully written in PowerShell.
Continue Reading
[-] The following 2 users say Thank You to harlan4096 for this post:
  • ismail, jasonX
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Movies! Movies!
Nuremberg A WWII ...jAcos — 13:16
TV Series
A Knight of the Seve...jAcos — 13:11
QOwnNotes
26.3.12  Added a ...Kool — 12:27
uBOLite 2026.315.1814 (already released ...
uBOLite 2026.315.1...harlan4096 — 12:12
Microsoft Edge 146.0.3856.62
Release Summary of...harlan4096 — 12:11

[-]
Birthdays
Today's Birthdays
avatar (38)francisnj3
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (43)Hectorvot
avatar (51)knowhanPluts
avatar (39)Williamengiz
avatar (46)qaqapeti
avatar (44)battsourIonix
avatar (43)CedricSek
avatar (38)Charlesfibre
avatar (43)artmaGoork

[-]
Online Staff
There are no staff members currently online.

>