description: Detects PowerShell using VirtualAlloc, CreateThread, and similar API calls for memory injection techniques. - 'VirtualAlloc' # Detects use of VirtualAlloc, a Windows API function used to ...
and where the call stack is pointing to an IIS Web application as the source of the injection. _arraysearch(process.thread.Ext.call_stack, $entry, $entry.protection ...
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...