Threats Tagged 'virtual machine obfuscation'
View all threats tagged with 'virtual machine obfuscation'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'virtual machine obfuscation'
Click on any threat for detailed analysis and mitigation recommendations
Chasing an Angry Spark 0 In spring 2022, a highly sophisticated backdoor named AngrySpark was discovered on a single machine in the United Kingdom. The malware employed a three-stage architecture: a DLL masquerading as a Windows Task Scheduler component, a custom virtual machine interpreter running bytecode instructions, and a beacon that profiles systems while disguising C2 communications as PNG image requests. The malware featured VM-based obfuscation, dual encrypted C2 channels using RSA-4096 and XXTEA encryption, direct syscalls bypassing usermode hooks, hypervisor detection, and CET-aware anti-analysis capabilities. It operated for approximately one year with active maintenance visible through syscall table updates and configuration changes between May 2022 and January 2023. The infrastructure expired in mid-2023 and the operation ceased, with no additional samples or victims identified despite the significant engineering effort invested in its development. Join the discussion | AlienVault OTX General | 04/15/2026, 09:21:55 UTC Added: 04/15/2026, 17:32:23 UTC |
Showing 1 to 1 of 1 result