Volgmer is a backdoor Trojan attributed to the threat actor known as HIDDEN COBRA or Lazarus Group. Since 2013, Volgmer has been used to maintain persistence on, and continue operating within, the networks of organizations in the government, financial, automotive, and media industries.
Encryption was originally used only to protect confidential information in transit. Later, information was also encrypted so that it could be stored in untrusted locations.
In his blog, Karim El-Faramawi dissects Obfuscator-LLVM in detail and discusses possible shortcomings in the implementation of its obfuscation passes.
Sysmon is a Windows system service and device driver that, once installed, remains resident across reboots to monitor system activity and log it to the Windows event log. Sysmon does not analyze the events it generates, nor does it attempt to protect or hide itself from attackers; it simply runs in the background and writes events to the event log.