WinDealer dealing on the side
SecureList
JUNE 2, 2022
LuoYu is a lesser-known threat actor that has been active since 2008. Layout of the encrypted data. Packets exchanged with the C2 server contain a header (described in the next table) followed by AES-encrypted data. Initial connection: the generated AES key and its CRC32, encrypted using RSA-2048 with a hardcoded public key.