I published the following diary on isc.sans.edu: “Malicious Script Leaking Data via FTP”:
The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools. Here are some examples… [Read more]