I published the following diary on isc.sans.edu: “Python Shellcode Injection From JSON Data”:
My hunting rules detected a nice piece of Python code. It’s interesting to see how the code is simple, not deeply obfuscated, and with a very low VT score: 2/56! I see more and more malicious Python code targeting Windows environments. Thanks to the ctypes library, Python can call any native API exported by a DLL, so a script can allocate memory, copy shellcode into it and run it without dropping a compiled binary.
The script is very simple, so here is the full code… [Read more]