Malware Research Tag

A look at Zeus Trojan variant called Citadel evading traditional sandboxes

Fighting traditional sandboxes (or dynamic analysis systems in general) typically comes in the form of detecting the analysis environment or evading analysis through means of behavior triggers as mentioned in a previous blog post: Using...

Malware has always been in continuous evolution: Throughout the years we have seen simple viruses become polymorphic, autonomous self-replicating code connecting to a master host and becoming a botnet, and JavaScript being used to launch increasingly sophisticated attacks against browsers. This last attack vector has become increasingly popular, as drive-by-download...

Authored by: Roman Vasilenko, Kyle Creyts

Introduction

There are a number of articles recently written about a Remote Access Trojan called PlugX or Korplug (with older variants known as Sogu, Thoper, TVT, or Destory RAT) which has recently seen increasing use in targeted attacks. These articles: suggest an identity of the author of...