Appears on
Articles2
DragonBreath: Dragon in the Kernel
A 0-day BYOVD vulnerability in dragoncore_k.sys signed by Zhengzhou 403 Network Technology, with shell company analysis, Dragon Breath APT-Q-27 attribution, and an APT31 / Wuhan Xiaoruizhi personnel nexus.
0
Ransom-ISAC Blog2mo agoDragon in the Kernel — Part II
Independent validation, certificate history, and an expanded driver arsenal: a prior 2024 Zhengzhou 403 GlobalSign EV certificate, a hide_process rootkit, and YDArkDrv.sys signed under the same shell company.
0
Ransom-ISAC Blog2mo ago