Discover and read the best of Twitter Threads about #Wslink

Most recents (2)

#ESETresearch is offering you a #behindthescenes look at the diligent work required to see through the
obfuscation techniques used in the recently described #Wslink, unique and undocumented
malicious loader that runs as a server. 1/5
@HrckaVladislav
welivesecurity.com/2022/03/28/und…
Wslink’s multilayered #virtualmachine introduced a diverse arsenal of #obfuscation techniques, which
we were able to overcome to reveal a part of the deobfuscated malicious code. 2/5
We also described the code we developed to facilitate our research. It is provided to the community
@github 3/5
github.com/eset/wslink-vm…
Read 5 tweets
#ESETresearch has discovered a unique and undescribed #loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. We have named this new malware #Wslink after one of its DLLs. 1/7 @HrckaVladislav welivesecurity.com/2021/10/27/wsl…
The initial compromise vector is not known, and we have seen only a few hits in our telemetry in the past two years, with detections in Central Europe, North America, and the Middle East. 2/7
There are no similarities that suggest this is likely to be a tool from a known threat actor group. Wslink runs as a service and listens on all network interfaces on the port specified in the ServicePort registry value of the service’s Parameters key. 3/7 Image
Read 7 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!