SANS ISC

[SANS ISC] Malicious Script Leaking Data via FTP

I published the following diary on isc.sans.edu: “Malicious Script Leaking Data via FTP”: The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on

1 2 3 4 18