Using Syscall() for Obfuscation/Fileless Activity, (Mon, Oct 20th)

I found another piece of malware this weekend. This one looks more like a proof-of-concept because the second-stage payload is really “simple”, but it attracted my attention because it uses a nice technique to obfuscate the code.

This article has been indexed from SANS Internet Storm Center, InfoCON: green
