A new secret stash for fileless malware

We observed the technique of storing shellcode in Windows event logs for the first time in the wild during the malicious campaign. It keeps the fileless last-stage Trojan hidden from plain sight in the file system.
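A defender-side check that follows from this, as an added example that is not part of the original article: it scans event records exported as XML and flags any record whose `<Binary>` payload is both large and high in entropy. The thresholds, the provider names and the sample records are assumptions constructed for illustration, and the thresholds need tuning against a baseline of the logs being examined.

```python
import math
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_records(xml_text, min_bytes=256, min_entropy=5.0):
    """Return (provider, event_id, size, entropy) for each record whose
    <Binary> payload meets both thresholds (assumed values, tune them)."""
    hits = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        provider = ev.find("e:System/e:Provider", NS)
        event_id = ev.find("e:System/e:EventID", NS)
        for blob in ev.iterfind("e:EventData/e:Binary", NS):
            try:
                raw = bytes.fromhex((blob.text or "").strip())
            except ValueError:
                continue  # not valid hex, nothing to measure
            h = entropy(raw)
            if len(raw) >= min_bytes and h >= min_entropy:
                name = provider.get("Name") if provider is not None else None
                eid = int(event_id.text) if event_id is not None else None
                hits.append((name, eid, len(raw), round(h, 2)))
    return hits

def _event(provider: str, event_id: int, payload: bytes) -> str:
    # Builds one constructed record in the event XML layout.
    return ('<Event xmlns="%s"><System><Provider Name="%s"/>'
            '<EventID>%d</EventID></System><EventData><Data>status</Data>'
            '<Binary>%s</Binary></EventData></Event>'
            % (NS["e"], provider, event_id, payload.hex().upper()))

# Constructed sample: a tiny blob, a large all-zero blob, and a large
# high-entropy blob standing in for an embedded payload.
SAMPLE = "<Events>" + "".join([
    _event("ExampleService", 1000, bytes(4)),
    _event("ExampleService", 1001, bytes(600)),
    _event("ExampleProvider", 2000, bytes(range(256)) * 2),
]) + "</Events>"

if __name__ == "__main__":
    print(suspicious_records(SAMPLE))
```

Only the third record is reported: the first is too small and the second, although large, has zero entropy.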