Posts: 16,016
Threads: 10,210
Thanks Received: 9,321 in 7,467 posts
Thanks Given: 10,260
Joined: 12 September 18
23 July 19, 10:45
Quote:
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
Last year, we blogged about the Rozena malware and how this backdoor incorporated PowerShell to execute its shellcode. However, malware authors are not sticking to the same script, constantly modifying and updating their attack methods. This time we’ve observed a new malware that used server-side polymorphism to hide its payload, which is a backdoor that is fully written in PowerShell.
Continue Reading
Analysis: Server-side polymorphism & PowerShell backdoors
![[Image: G_DATA_Blog_Powershell_Illu_Header.jpg]](https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2019/07_2019/G_DATA_Blog_Powershell_Illu_Header.jpg)
![[-]](https://www.geeks.fyi/images/collapse.png)
