2 matches found
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In a recent incident response IR case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...
New Technique Complicates Mutex Malware Analysis
Malware analysts have had a measure of success using static mutex values as a fingerprint for detecting and blocking malicious code. These values are used in programming to enable software to synchronize communication between multiple threads or processes, or to determine whether another instance...