From WOMEN.dll dropper → Sleestak infrastructure:
Multi-stage JScript + PowerShell loader with AES-256 + XOR, process hollowing into aspnet_compiler.exe, Microsoft-spoofed scheduled task (logon trigger), and exposed daily-rotating payload directories on open index listing.

Full chain analysis, builder artifacts, IOCs here: https://medium.com/@darkjstr/tracking-a-live-heracles-rat-campaign-from-women-dll-to-sleestak-infrastructure-7545df27646a

#HeraclesRAT #ThreatIntel #MalwareAnalysis #CyberSecurity #InfoSec #DFIR #CTI #ReverseEngineering #RAT #Sleestak

Tracking a Live Heracles RAT Campaign: From WOMEN.DLL to Sleestak Infrastructure

Author: DarkJstr
Date: 2026-05-25
Malware Family: Heracles (MSIL)
Campaign Status: ACTIVE
