Recently, we found a new version of the Andromeda bot in the wild. This version has strengthened its self-defense mechanisms by utilizing more anti-debug/anti-VM tricks than its predecessors. It also employs some novel methods for trying to keep its process hidden and running persistently. Moreover, its communication data structure and encryption scheme have changed, rendering the old Andromeda IPS/IDS signatures useless.
Fortinet Blog | News and Threat Research Andromeda 2.7 Features