I published the following diary on isc.sans.edu: “Divided Payload in Multiple Pasties”: In politic, there is a strategy which says “divide and conquerâ€. It’s also true for some pieces of malware that spread their malicious code amongst multiple sources. One of our readers shared a sample of Powershell code found
I published the following diary on isc.sans.edu: “Malicious Powershell using a Decoy Picture“: I found another interesting piece of malicious Powershell while hunting. The file size is 1.3MB and most of the file is a PE file Base64 encoded. You can immediately detect it by checking the first characters of
I published the following diary on isc.sans.org: “Malicious Powershell Targeting UK Bank Customers”: I found a very interesting sample thanks to my hunting rules… It is a PowerShell script that was uploaded on VT for the first time on the 16th of May from UK. The current VT score is still
