Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“:
For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks… I found a malicious Python script that is pretty well obfuscated. The applied technique reduces its VT score to 6/60! It’s based on a mix of Based64- and Hex-encoded data… [Read more]