#FIN7
Arkbird
Arkbird_SOLG
#FIN7 As reported by @KorbenD_Intel, the initial PowerShell script uses the DeflateStream method to uncompress the zip in memory and extract it. This executes the second layer, which is heavily obfuscated. More 70
Steve Miller
stvemillertime
A #dailyyara thread on collection of binaries by non-malicious (but threat dense) equities: ELF SOCKS5 edition. I'm an advocate for finding malware and intrusion sets based on "rare equities," files that