Managed Defense analysts were the first to analyse a variant of Quasar RAT specific to the threat group APT10 (Red Apollo), a Chinese cyber-espionage group.
Malware theory and analysis
Memory-resident viruses often use a tunneling technique to get around behaviour-blocker systems. A resident tunneling virus attempts to be first in the interrupt call chain, installing itself ahead of other resident programs so that it can call an interrupt directly at the entry point of its original handler, bypassing whatever monitoring code has hooked the chain in between.
Direct-action viruses are loaded into memory together with their host program. On gaining control, they look for new objects to infect by searching for new files. This simplicity is exactly why the direct-action infector is one of the most common kinds of computer virus: it can be written with relative ease on a variety of platforms. Most infect only a few files per execution, but some infect everything at once by enumerating all directories for victims.
The first known successful computer viruses were boot sector viruses. They are rarely seen nowadays but remain interesting because they can infect any computer by taking advantage of the boot process of personal computers. Because most computers do not hold an operating system in ROM, they must load it from somewhere else, such as a disk or the network.
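As an added example (not code from the original page), the following Python check shows the defender's side of the boot-sector passage: it splits a 512-byte x86 boot sector into its bootstrap-code, partition-table and boot-signature regions and compares a captured image against a known-good baseline, so an overwritten code area can be told apart from a legitimate repartitioning. The sector images are constructed, not real disk captures.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446                # bootstrap code: bytes 0..445
TABLE_END = 510               # partition table: four 16-byte entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 on an x86 boot sector

def regions(sector: bytes) -> dict:
    """Split a 512-byte boot sector into its three structural regions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return {
        "code": sector[:CODE_END],
        "partition_table": sector[CODE_END:TABLE_END],
        "signature": sector[TABLE_END:],
    }

def compare_boot_sector(captured: bytes, baseline: bytes) -> dict:
    """Compare a captured boot sector with a known-good baseline image.
    Reports whether the boot signature is still valid and which regions
    differ. A changed code region with an untouched partition table is
    the pattern to escalate: the disk still mounts normally, but the code
    that runs before the operating system loads is no longer the baseline."""
    cap, base = regions(captured), regions(baseline)
    return {
        "signature_valid": cap["signature"] == BOOT_SIGNATURE,
        "code_changed": cap["code"] != base["code"],
        "partition_table_changed": cap["partition_table"] != base["partition_table"],
        "sha256": hashlib.sha256(captured).hexdigest(),
    }

# Constructed sample images (not real disk captures): a baseline sector and a
# copy whose bootstrap-code region has been replaced while the partition
# table and the 0x55AA signature are left intact.
def _build_sector(code_fill: int) -> bytes:
    code = bytes([code_fill]) * CODE_END
    # one bootable entry (constructed values) followed by three empty entries
    table = bytes([0x80, 0x01, 0x01, 0x00, 0x83, 0xFE, 0xFF, 0xFF,
                   0x3F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00]) + bytes(48)
    return code + table + BOOT_SIGNATURE

BASELINE_SECTOR = _build_sector(0x90)   # NOP-filled stand-in for boot code
MODIFIED_SECTOR = _build_sector(0xCC)   # same table, different code bytes

if __name__ == "__main__":
    print(compare_boot_sector(MODIFIED_SECTOR, BASELINE_SECTOR))
```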