http://news.poseidon-us.com/TH80h1
We entered a new year, but attack scenarios have not changed (yet). I found a Python script with interesting behavior[1] and a low VirusTotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all libraries required to make Microsoft API calls and manipulate payloads: