Evasive Panda deployed fake updaters (SohuVA, iQIYI), possibly delivered via DNS poisoning. The WTL-based loader XORs and then LZMA-decompresses its embedded config, marks a buffer executable with VirtualProtect and runs a ~9.5KB shellcode from it. #EvasivePanda #XOR_LZMA #IoCs https://bit.ly/499vtbt
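Added example (not code from the report or the loader): a config extractor for the XOR + LZMA scheme the post describes. The key value, the LZMA container (the legacy `.lzma`/FORMAT_ALONE header, with `.xz` tried as a fallback) and the sample config are assumptions chosen to make the script self-contained; point `decode_config` at the real blob and key once you have pulled them from the loader. The brute-force helper covers the case where the single-byte key is not yet known: the LZMA header acts as known plaintext, so liblzma rejects nearly every wrong key.

```python
"""
Generic decoder for an XOR-then-LZMA packed config blob.
Added example, not the loader's own code: the key, the LZMA container
format and the sample config below are assumptions, not values from
the report.
"""
import lzma
from typing import Callable, Optional, Tuple


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (a single-byte key is the len(key) == 1 case)."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def lzma_decompress_any(blob: bytes) -> Optional[bytes]:
    """Try the two self-describing LZMA containers a loader is likely to embed:
    .xz (FORMAT_XZ) and the legacy .lzma header (FORMAT_ALONE).
    Returns None if neither parses."""
    for fmt in (lzma.FORMAT_XZ, lzma.FORMAT_ALONE):
        try:
            return lzma.decompress(blob, format=fmt)
        except lzma.LZMAError:
            continue
    return None


def decode_config(blob: bytes, key: bytes) -> Optional[bytes]:
    """XOR the embedded blob with the key, then LZMA-decompress the result."""
    return lzma_decompress_any(xor_bytes(blob, key))


def looks_like_config(data: bytes) -> bool:
    """Default plausibility check: non-empty printable ASCII (JSON/INI-style config)."""
    return len(data) > 0 and all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in data)


def brute_force_single_byte_key(
    blob: bytes, accept: Callable[[bytes], bool] = looks_like_config
) -> Optional[Tuple[int, bytes]]:
    """Recover an unknown single-byte XOR key. The LZMA container header
    (xz magic, or the .lzma properties/size fields) is effectively known
    plaintext, so liblzma rejects nearly every wrong key; the accept()
    predicate filters the rare stream that parses but decodes to garbage.
    Returns (key, plaintext) or None."""
    for k in range(256):
        plain = lzma_decompress_any(xor_bytes(blob, bytes([k])))
        if plain is not None and accept(plain):
            return k, plain
    return None


# Constructed sample: a fake config packed the way the decoder expects.
SAMPLE_CONFIG = b'{"c2":"update.example.invalid","port":443,"sleep":60}'
SAMPLE_KEY = b"\x37"  # hypothetical key; the real one comes from the loader
SAMPLE_BLOB = xor_bytes(lzma.compress(SAMPLE_CONFIG, format=lzma.FORMAT_ALONE), SAMPLE_KEY)


if __name__ == "__main__":
    print(decode_config(SAMPLE_BLOB, SAMPLE_KEY))
    print(brute_force_single_byte_key(SAMPLE_BLOB))
```

For a multi-byte key, the same known-plaintext idea applies: XOR the first six bytes of the blob against the `.xz` magic (or the first byte against the usual `0x5d` properties byte of a `.lzma` stream) to recover the leading key bytes, then extend `xor_bytes` with the full key once its length is known.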