Network tunneling with… QEMU?

While investigating an incident at a large company a few months ago, Kaspersky researchers detected uncommon malicious activity on one of its systems. They analyzed the artifacts, only to find that the adversary had deployed and launched the following:

  • The Angry IP Scanner network scanning utility
  • The mimikatz password, hash, and Kerberos ticket extractor, and Active Directory attack tool
  • The QEMU hardware emulator

The first two were self-explanatory, but QEMU raised a few questions. What use would the malicious actors have for a virtualizer?

Source: Kaspersky