This post is the second part of article on the Sakula malware. It follows the first one available here and covers versions 2.x and 3.x. It provides a lot of technical details to follow Sakula evolution. Some parts of the article can be a bit long to read, but the fact to put constants, pathes,
PlugX has been a well-known RAT for the last 5 years, and we have written many blog posts about it. However, there has never been known released builders for this RAT, except the one from Ahnlab which allows the building of very old samples (2011), and another which was discussed in our previous post. Using
This malware report aims at giving a technical analysis of the BadRabbit ransomware using the Orion Malware analysis platform. It gives a technical interpretation of the Orion Malware report and focuses on discussing the similarities and distinctions between BadRabbit and NotPetya’s design and behaviour. What’s the Difference Between Bad Rabbit and NotPetya? BadRabbit is made
In the previous OXID Resolver Part 1 article [1], a way to remotely enumerate the network interfaces on a recent Windows OS machine has been described. This method does not require the knowledge of user credentials and relies on the ServerAlive2() RPC method. The latter is held by the IOXIDResolver interface. This article is dedicated
