Cisco Talos has uncovered a BadIIS variant, identifiable by its embedded “demo.pdb” strings, that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.
First seen on blog.talosintelligence.com
Jump to article: blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/

