I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper”:
Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar to Jan’s diary posted yesterday but I decided to review it because it has, here again, a null VT score…