The simplest of all possible modifications to the original RoguePlanet.cpp (literally interchanging two letters in the source code) defeats the detection and re-enables the exploit in current, fully patched Windows 11 with Definition Update 1.453.20.0 installed.
Dr. Christopher Kunz
Will we wake up to see Windows Defender quarantining wermgr.exe or the Task Scheduler in an attempt to contain RoguePlanet? Oh, the excitement….
So what looked like anti-detection padding or something in the RoguePlanet.cpp is an ISO file. At the same time, where's the EICAR that he's writing to wermgr.exe?
Of course, you say, it has to be in the ISO file. And sure it is. In a ZIP file, being extracted to a subdir named 4444.
My version also works with 1.453.21.0, as far as I can tell.
What you need to know about politically motivated crime: Fifty percent of all offences in 2025 came from the right. Right-wingers struck (assault) more than three times as often as left-wingers. Six attempted homicides vs. one. [1/2]
And another Defender update, this time it's 1.453.28.0, adding yet another RoguePlanet variant: Trojan:Win64/RoguePlanet.GVA!MTB
Doesn't change anything regarding the actual exploit though - still works.
There's also a new behavioral detection named "Behavior:Win32/Bluehammzer.ZE!MTB", doesn't take a genius to guess what that's for...
Yup, here we go.
How much more empirical evidence does it take to show that "bUt tHe LeFt iS jUsT aS bAd" is hollow talk?
Source: https://www.bka.de/DE/UnsereAufgaben/Deliktsbereiche/PMK/PMKZahlen/PMKZahlen_node.html [2/2]