Alexander Riccio added the comment:

It's not just Stuxnet, as at least one other Advanced Persistent Threat uses that tactic. An APT (likely Russian intelligence) recently used encoded PowerShell to break into the Democratic National Committee: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

From that article:

> This one-line powershell command, stored only in WMI database, establishes an
> encrypted connection to C2 and downloads additional powershell modules from
> it, executing them in memory.

(As a fun coincidence, they also used py2exe to distribute other modules, which is kinda like a separate interpreter using safe_exec)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26137>
_______________________________________