Arkbird
Arkbird_SOLG
#FIN7As reported by @KorbenD_Intel, the initial powershell script use DeflateStream method for uncompress the zip in memory and extract it. This execute the second layer that heavily obfuscated. More 70
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.