Powershell Dropping a REvil Ransomware, (Thu, Jan 21st)

I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces[1]. The file (SHA256:e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59![2].

Article Link: https://isc.sans.edu/diary/rss/27012