{"id":139037,"date":"2022-05-07T00:02:57","date_gmt":"2022-05-07T05:02:57","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/05\/this-new-fileless-malware-hides-shellcode-in-windows-event-logs"},"modified":"2022-05-07T00:02:57","modified_gmt":"2022-05-07T05:02:57","slug":"this-new-fileless-malware-hides-shellcode-in-windows-event-logs","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/05\/this-new-fileless-malware-hides-shellcode-in-windows-event-logs","title":{"rendered":"This New Fileless Malware Hides Shellcode in Windows Event Logs"},"content":{"rendered":"<p>A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.<\/p>\n<p>\u201cIt allows the \u2018fileless\u2019 last stage trojan to be hidden from plain sight in the file system,\u201d Kaspersky researcher Denis Legezo <a href=\"https:\/\/securelist.com\/a-new-secret-stash-for-fileless-malware\/106393\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a technical write-up published this week.<\/p>\n<p>The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021, when the intended targets were lured into downloading compressed .RAR files containing Cobalt Strike and <a href=\"https:\/\/www.netspi.com\/news\/press-release\/netspi-acquires-silent-break-security\/\" rel=\"noopener\" target=\"_blank\">Silent Break<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. 
\u201cIt allows the \u2018fileless\u2019 last stage trojan to be hidden from plain sight in the file system,\u201d Kaspersky researcher Denis Legezo said in a technical write-up published this week. The [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-139037","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/139037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=139037"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/139037\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=139037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=139037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=139037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
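The post's one technical point is that the loader parks shellcode chunks inside Windows event logs. A practical check for that on a suspected host, given here as an added example that is not code from the article or from Kaspersky's write-up, is to score each event's data fields by size and Shannon entropy: normal records carry short, text-like payloads, while an encrypted or packed code chunk is large and sits near 8 bits per byte. The function names, the thresholds (4096 bytes, 6.5 bits/byte) and the two sample payloads are assumptions chosen for illustration; only `Get-WinEvent` and the `EventLogRecord` properties it returns are real.

```powershell
# Added hunting example (not code from the article or from the Kaspersky write-up).
# Idea: a shellcode chunk stashed as event data is large and, if encrypted or packed,
# close to 8 bits/byte of entropy, unlike the short, low-entropy text most events carry.
# Function names, thresholds and the sample payloads below are assumptions for illustration.

function Get-ShannonEntropy {
    param([Parameter(Mandatory)][AllowEmptyCollection()][byte[]]$Bytes)
    if ($Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    foreach ($b in $Bytes) { $counts[$b]++ }
    $entropy = 0.0
    foreach ($c in $counts) {
        if ($c -eq 0) { continue }
        $p = $c / $Bytes.Length
        $entropy -= $p * [Math]::Log($p, 2)
    }
    return $entropy
}

function Test-SuspiciousEventPayload {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][byte[]]$Payload,
        [int]$MinSize = 4096,       # assumption: text events are rarely this large
        [double]$MinEntropy = 6.5   # assumption: encrypted/packed code sits near 8.0
    )
    $entropy = Get-ShannonEntropy -Bytes $Payload
    [pscustomobject]@{
        Size       = $Payload.Length
        Entropy    = [Math]::Round($entropy, 2)
        Suspicious = ($Payload.Length -ge $MinSize -and $entropy -ge $MinEntropy)
    }
}

# Live hunt: walk one event log and report records whose data fields score as suspicious.
function Find-SuspiciousEventPayload {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [int]$MaxEvents = 10000
    )
    Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $record = $_
            foreach ($prop in $record.Properties) {
                $value = $prop.Value
                if ($value -is [byte[]]) { $bytes = $value }                                      # binary event data
                elseif ($value -is [string]) { $bytes = [Text.Encoding]::UTF8.GetBytes($value) } # text field
                else { continue }
                $score = Test-SuspiciousEventPayload -Payload $bytes
                if ($score.Suspicious) {
                    [pscustomobject]@{
                        TimeCreated = $record.TimeCreated
                        LogName     = $record.LogName
                        Provider    = $record.ProviderName
                        EventId     = $record.Id
                        Size        = $score.Size
                        Entropy     = $score.Entropy
                    }
                }
            }
        }
}

# Offline demonstration on constructed payloads (not real malware data):
# an ordinary text event versus an 8 KB pseudo-random blob standing in for an encrypted chunk.
$textEvent = [Text.Encoding]::UTF8.GetBytes('Service started successfully. Session 0x2f1c.')
$rng  = [System.Random]::new(1)          # fixed seed so the demo is repeatable
$blob = New-Object byte[] 8192
$rng.NextBytes($blob)
Test-SuspiciousEventPayload -Payload $textEvent
Test-SuspiciousEventPayload -Payload $blob
```

To sweep every log rather than one, run `(Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 }).LogName | ForEach-Object { Find-SuspiciousEventPayload -LogName $_ }` from an elevated prompt, since several logs are unreadable otherwise. Two caveats on the heuristic: unencrypted x86 shellcode and base64 text both score well below 6.5 bits per byte (base64 tops out near 6 bits per character), so either decode string fields before scoring or lower `-MinEntropy` and accept more false positives, and a stager that writes many small chunks will need `-MinSize` reduced or the chunks of one event source summed.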