Rundll32: The Infamous Proxy for Executing Malicious Code

Take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail

Rundll32: The Infamous Proxy for Executing Malicious Code

A Survey on the Evolution of Fileless Attacks and Detection Techniques - ScienceDirect

Rundll32: The Infamous Proxy for Executing Malicious Code

The second program that was found is rundll32exe which is a Microsoft signed

Microsoft experts linked Raspberry Robin malware to Evil Corp

Rundll32: The Infamous Proxy for Executing Malicious Code

APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.

Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies - SOC Prime

Virus Bulletin on X: The Cybereason Blue Team describe how Microsoft's rundll32.exe tool, which allows code to be loaded and executed, is often used by adversaries during their offensive operations. /

How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware

Microsoft experts linked Raspberry Robin malware to Evil Corp

Rundll32: The Infamous Proxy for Executing Malicious Code

Persistent pests: A taxonomy of computer worms - Red Canary