A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #31912  by r0ny
 Sat Jul 28, 2018 4:49 am
In DarkHydrus’s case, the preferred payloads retrieved in their previous attacks were exclusively open-source legitimate tools which they abuse for malicious purposes, such as Meterpreter and Cobalt Strike. However, in this instance, it appears that this group used a custom PowerShell-based payload that we call RogueRobin.

ref: https://researchcenter.paloaltonetworks ... overnment/

.iqy file: cc1966eff7bed11c1faada0bb0ed0c8715404abd936cfa816cef61863a0c1dd6