Travis Smith has published a post about fileless malware on The State of Security. He notes that this type of malware isn’t really fileless. According to the author, the malware described in the Ars Technica article created a service for persistence. The following registry keys were written to:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy\v4tov4\tcp

This means that the malware was not actually fileless. Learn more about this in the original post.
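For defenders, the two registry locations above can be inventoried and compared against a known-good snapshot. The following PowerShell is an added example, not code from the original post; the baseline file name is hypothetical, and it assumes PortProxy values are stored as `listenaddress/port` names with `connectaddress/port` data.

```powershell
# Added example: inventory the two registry locations named in the post.
$ServicesKey = 'HKLM:\SYSTEM\ControlSet001\services'
$Baseline    = '.\services-baseline.json'   # hypothetical baseline file

function Get-PortProxyEntry {
    param([string]$Root = $ServicesKey)
    $key = Join-Path $Root 'PortProxy\v4tov4\tcp'
    if (-not (Test-Path -LiteralPath $key)) { return }   # no forwards configured
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Assumed layout: value name = listen side, value data = connect side
        $listen  = $name -split '/', 2
        $connect = ([string]$item.GetValue($name)) -split '/', 2
        [pscustomobject]@{
            ListenAddress  = $listen[0]
            ListenPort     = $listen[1]
            ConnectAddress = $connect[0]
            ConnectPort    = $connect[1]
        }
    }
}

function Get-ServiceRegistryEntry {
    param([string]$Root = $ServicesKey)
    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        # Read ImagePath without expanding %SystemRoot% so entries compare stably
        $path = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
        if ($path) {
            [pscustomobject]@{
                Name      = $_.PSChildName
                Start     = $_.GetValue('Start')
                Type      = $_.GetValue('Type')
                ImagePath = [string]$path
            }
        }
    }
}

$current = @(Get-ServiceRegistryEntry)
if (Test-Path -LiteralPath $Baseline) {
    # Show services that are new or whose ImagePath changed since the baseline
    $known = @(Get-Content -LiteralPath $Baseline -Raw | ConvertFrom-Json)
    Compare-Object $known $current -Property Name, ImagePath |
        Where-Object SideIndicator -eq '=>' |
        Format-Table Name, ImagePath -Wrap
} else {
    $current | ConvertTo-Json | Set-Content -LiteralPath $Baseline
}

# Any port forward listed here should be explainable by an administrator
Get-PortProxyEntry | Format-Table
```

The first run writes the baseline; later runs list only service entries that were added or modified, together with every configured port forward.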
