A writeup story for “The truth of Plain” | by Kulkan Security | Medium
Documentation of how the malware attempts to bypass Personal Firewalls (PFW) or Host Intrusion Prevention Systems (HIPS).
Executing the malware in a controlled sandbox (like Cuckoo or Any.Run) to monitor real-time file system changes, network traffic, and API calls.
Detailed observations of how the samples interact with a system, including attempts to override DNS settings, system shutdowns, and clipboard copying.
Examining the binary or script without execution to find strings, headers, and potential packed signatures (e.g., UPX).
Applying algorithms such as Random Forest or Gradient Boosting to classify malware types based on extracted features like file size or network connections.